It comes as no surprise that researchers have found yet another serious hardware security flaw. Just five weeks ago, the security world was abuzz with the discovery of the CacheOut microprocessor vulnerability, a speculative execution attack that follows lines similar to Spectre, Meltdown and Zombieload. And while the latest flaw is not related to speculative execution, all of these vulnerabilities have one thing in common—they enable hackers to gain access to data and sensitive keys while the processor is accessing them.
It’s rather ironic, as for years the security industry has held up hardware-backed security as the holy grail that we should rely on to protect our secrets. In reality, the hardware itself may be riddled with holes.
An “unfixable” architecture flaw
The latest discovery is not actually a new vulnerability but a new method of exploiting CVE-2019-0090, a bug discovered last year that was supposedly patched. Now it appears to be a fundamental and unfixable flaw in Intel’s security architecture that is related to the root of trust built into the chips. The Intel Converged Security and Management Engine (CSME) forms the basis of cryptography for hardware security technologies developed by Intel and is used pretty much everywhere, including for DRM, fTPM, and Intel Identity Protection. The vulnerability occurs in the ROM of the CSME for all modern Intel processors released in the last five years, with the exception of the newest 10th Gen processors.
Why does it matter?
In this case, the weakness exists in Intel’s boot ROM. Attackers can exploit the vulnerability during the boot process to read the Chipset Key as well as control the generation of all other encryption keys. One example of such a key is the Integrity Control Value Blob (ICVB), which hackers can use to load forged firmware without it being detected. This is equivalent to the breach of a private key in applications. More technical details about the vulnerability can be found here.
The Intel CSME underpins a security procedure called EPID (Enhanced Privacy ID), which is used to enable systems to be uniquely and anonymously identified. It forms the basis of a number of data protection technologies including digital rights management (DRM) and protection of financial transactions.
The weakness, in this case, sits in the security foundation—the root of trust that everything else is built on top of. The big issue here is that it is impossible to properly fix errors hard-coded into the ROM of microprocessors. Essentially the vulnerability destroys the trust of the entire platform.
What can you do?
whiteCryption® Secure Key Box™ is a white-box cryptography library, designed to keep keys encoded at all times—at rest, in transit, and in use. This means that even if a key in memory is leaked, it remains encoded and thus secure. The key is never loaded into the CPU in the clear, so it can never be compromised.
whiteCryption Secure Key Box protects keys in the event of the latest CSME attack and is able to withstand all of the attacks in this post, as well as those yet to be discovered.
Download this Intertrust white paper to learn more about securing cryptographic keys and how whiteCryption Secure Key Box provides future-proof key protection.
About Paul Butterworth
Paul Butterworth is an experienced payment and security professional, having spent almost 30 years in the card, payments and IT security industries. Paul is responsible for global product marketing for the Intertrust Secure Systems’ market leading application shielding and device identity solutions.