Intel Patches Firmware Flaw That Leaks ME Encryption Keys

Researcher Finds Intel's Previous Management Engine Patches Weren't Foolproof
Intel's headquarters in Santa Clara, California (Photo: Walden Kirsch/Intel)

Intel has had a challenging time lately on the vulnerability front. Computer security researchers have dug deeply into the chip manufacturer's wares, finding vulnerabilities such as Meltdown, Spectre and Foreshadow, all of which proved to be difficult to fix or mitigate.

Now, another problem has emerged. Intel has patched a very serious firmware vulnerability, CVE-2018-3655, which could potentially leak encryption keys stored inside its Management Engine. The ME is a crucial microchip with code that brokers communications between a processor and external devices and helps with power management as well as starting up a computer's main processor.

Here's Intel's list of affected components and the new, post-patch firmware version numbers:

The ME is a self-contained x86 system with its own RAM. The system runs its own OS, called MINIX, and sports a variety of other features and capabilities, such as responsibility for verifying the lowest layers of boot security, including the firmware.

But according to a report published by Russian company Positive Technologies, one of its researchers, Dmitry Sklyarov, found that he could extract two types of non-Intel encryption keys within a type of file system contained in the ME.

Key Calculations

Sklyarov shouldn't have been able to do that after last year, when two of his colleagues, Mark Ermolov and Maxim Goryachy, found flaws that allowed them to do the same thing. Intel reviewed their research and issued a series of patches. In theory, those patches should have prevented these types of problems from recurring.

Ermolov and Goryachy were able to extract four types of keys: Intel's confidentiality and integrity keys and two non-Intel confidentiality and integrity keys. Their findings were significant enough that they detailed them in a presentation at the Black Hat Europe security conference last year.

This time around, Sklyarov was able to obtain the non-Intel confidentiality and integrity keys. When Intel patched the flaws found by Sklyarov's colleagues, it issued a new Security Version Number, which is a value that - in part - ensures that updated software still has access to older secrets stored on the microchip.

Sklyarov, however, found that the non-Intel keys are calculated using the SVN and an "immutable non-Intel root secret, which is unique to each platform," Positive Technologies writes in a blog post. The researcher exploited another vulnerability to get that root secret, which then enabled the calculation "of the values of both non-Intel keys even in the newer firmware version."

Positive Technologies says: "Attackers could calculate the non-Intel integrity key and non-Intel confidentiality key for firmware that has the updated SVN value, and therefore compromise the MFS [the ME's file system] security mechanisms that rely on these keys."
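The dependency described above, as an added sketch that is not code from Intel or Positive Technologies: HMAC-SHA256 stands in for the actual derivation, which this article does not describe, and the labels, SVN values and root secret are constructed. It shows that bumping the SVN retires derived keys that leaked, but not keys derivable from a leaked root secret.

```python
import hashlib
import hmac

# Constructed sample values; not real platform secrets or Intel labels.
ROOT_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
OLD_SVN, NEW_SVN = 1, 2


def derive_key(root_secret: bytes, svn: int, purpose: str) -> bytes:
    """Toy KDF (assumption): key = HMAC-SHA256(root, purpose | svn)."""
    info = purpose.encode() + b"|" + svn.to_bytes(4, "big")
    return hmac.new(root_secret, info, hashlib.sha256).digest()


def platform_keys(root_secret: bytes, svn: int) -> dict:
    """Both non-Intel keys for one firmware security version."""
    return {
        "integrity": derive_key(root_secret, svn, "non-intel-integrity"),
        "confidentiality": derive_key(root_secret, svn, "non-intel-confidentiality"),
    }


def tag_blob(keys: dict, blob: bytes) -> bytes:
    """Integrity tag a file-system record would carry under these keys."""
    return hmac.new(keys["integrity"], blob, hashlib.sha256).digest()


def verify_blob(keys: dict, blob: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_blob(keys, blob), tag)


def outsider_tag_accepted(leak: str) -> bool:
    """Does a tag built from leaked material verify on firmware at NEW_SVN?"""
    platform = platform_keys(ROOT_SECRET, NEW_SVN)
    if leak == "old_keys":   # only the keys derived for OLD_SVN leaked
        outsider = platform_keys(ROOT_SECRET, OLD_SVN)
    elif leak == "root":     # the immutable root secret itself leaked
        outsider = platform_keys(ROOT_SECRET, NEW_SVN)  # SVN is not secret
    else:
        raise ValueError(leak)
    blob = b"constructed file-system record"
    return verify_blob(platform, blob, tag_blob(outsider, blob))


if __name__ == "__main__":
    print("old derived keys still accepted:", outsider_tag_accepted("old_keys"))
    print("leaked root still accepted:", outsider_tag_accepted("root"))
```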

Attack Consequences

Intel lays out the consequences of a successful exploit in its security advisory. Namely, an unauthenticated attacker with physical access could bypass anti-replay protection with the CSME, or Converged Security and Management Engine. In other words, brute-force attacks could result in information disclosure.

Intel says an attacker may be able to access the Management Engine BIOS Extension password. Also possible is tampering within file systems or directories within the ME, Server Platform Services or the Trusted Execution Environment.


About the Author

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
