Intel CSME Irreparable Boot Flaw – Yet Another Intel Security Vulnerability
Intel’s ongoing rampage of security vulnerabilities continues as yet another vulnerability has been discovered, this time in Intel's CSME device. Since January of 2018, the list of these vulnerabilities continues to grow, and quite frankly, this is unacceptable, and this one is no different. It’s been over two years since the initial Meltdown and Spectre discovery, yet researchers continue to find more. There is one primary aspect of the new flaw that has differed from the others, though; this being that it cannot be fixed.
What is Intel’s Converged Security & Management Engine (CSME)?
Intel’s Converged Security & Management Engine has been implemented in virtually all Intel chipsets since 2008 and is built into Intel’s PCH, and since then, has raised quite a bit of speculation as to what it actually does.
CSME runs on what was supposed to be an isolated x86 microprocessor-based upon the i486. This 32-bit microprocessor contains its own SRAM and firmware ROM and as of Version 11, is known to run the MINIX 3 operating system. The CSME microprocessor continues to run when the system is off, as long as a source of power is available.
Little documentation is available for CSME, and because of that, the idea of having a second microprocessor onboard modern Intel motherboards that have total control over the system’s hardware, even when the system is off, is somewhat controversial. Intel has gone to the extent of using Huffman tables, a type of encoding that no individual can understand without official documentation, and with the mystery of what CSME does, multiple users over the last few years have attempted to disable CSME.
Various methods have been found to ‘disable’ CSME, but none of these methods completely do so. These methods essentially put the CSME microprocessor into a low power state, specifically where the chip no longer executed any code but continues to run suspended.
Intel Converged Security & Management Engine (CSME) Vulnerability - CPUs & Chipsets Affected
Due to the design of Intel's CSME, during the boot process, CSME becomes vulnerable to exploitation. The primary issue with CSME is that this is purely a hardware level issue, or, more specifically, is completely irreparable without a total hardware replacement, therefore compromising the entire platform's integrity.
Since attacks may be launched on a local, hardware basis, malicious code completely bypasses all OS-level protection and may instantly target data stored on the system. Essentially, the possible result of an attack could lead to complete decryption of storage devices, falsified hardware identification, and data protected by DRM.
CSME has been patched before, though, this time, it looks as if the measures required to secure a system are in a different league than before. This is bad news for Intel users across the board as the only method of securing their systems is to upgrade to 10th Generation Intel CPUs and motherboards as those products are immune to the CSME flaw, go back nearly ten years to a legacy Intel platform before CSME's integration, or switch to AMD.