Serious Flaw in Intel Chips Lets Attackers Decrypt Hard Drives

Generic image of a CPU

A flaw found in Intel chips lets attackers decrypt your hard drive, among other things. It can’t be fixed but instead mitigated with firmware patches (via The Register).

CSME

The flaw is found within the Converged Security and Mangeability Engine (CSME). This engine does many low-level tasks like controlling power levels, starting the main CPU, verifying and bottling firmware, and providing cryptographic functions. It’s the first thing that starts when you turn on your computer. It’s described as a mini computer because it has its own RAM, CPU, and boot ROM.

The CSME can protect its RAM so that the rest of the computer can’t use it. But there is a tiny window of opportunity between the system turning on and the CSME enabling its memory protection. During that window, it’s possible for a hacker to hijack the CSME. Physical access to the machine is required; this isn’t a remote exploit.

Once a hacker has control over the CSME they can extract its cryptographic keys used for such things like disk encryption. In the case of Macs this means FileVault. Once the keys are stolen the hacker can decrypt your hard drive.

However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.

“When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.

Intel says the only thing people can do is to install firmware mitigation’s and make sure to install the latest software updates. It affects Intel chips manufactured in the past five years, and can’t be completely fixed without replacing the actual chip.

Further Reading

[How Coronavirus Misinformation is Spreading Across Facebook]

[How the EARN IT Act is an Attack on Encryption]

5 thoughts on “Serious Flaw in Intel Chips Lets Attackers Decrypt Hard Drives

  • Intel probably farmed out the chip development verification process to China (who conveniently left out a few test vectors).

    Makes you wonder though about the expertise and experience level left at Intel

  • Terrifyingly bad. Also, I think the T1/T2 chips only help on drives that are encrypted by it. But if you boot off a PCI drive in the new Mac Pro, you’re still out of luck.

    Intel is just so bad, Apple needs to move over to AMD and it’s own chips.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.