Intel CSME bug could enable hackers to compromise the cryptographic chain of trust in Intel systems, researchers warn

The bug is unpatchable, according to researchers, but doesn't affect Intel's latest generation of CPUs

A previously known bug in one of Intel's CPU technologies is unpatchable and much worse than previously thought.

That's according to the latest report from security firm Positive Technologies, which warns that the bug could enable hackers to compromise the cryptographic chain of trust in Intel systems. It added that fully fixing it can only be done by replacing the hardware.

The vulnerability, however, doesn't affect the Intel 10th generation CPUs, the researchers revealed.

In May last year, Intel had released a patch to fix the vulnerability, which is tracked as CVE-2019-0090. At the time, the researchers described it as a firmware bug impacting the ROM of Intel's Converged Security and Management Engine (CSME). They claimed that CVE-2019-0090 could allow attackers with physical access to the CPU to escalate privileges and run arbitrary code from within the CSME.

The CSME is a security feature that comes with all recent Intel CPUs and is used to cryptographically authenticate all firmware present on Intel-based computers.

According to Mark Ermolov, operating system and hardware security expert at Positive Technologies, the fix released by Intel last year only closes one exploit vector, but more attack methods currently exist that can be used to exploit the flaw.

Ermolov said that attackers can exploit CVE-2019-0090 to steal the Chipset Key (root cryptographic key), which could eventually allow them to access almost everything on the targeted machine.

"This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company's platforms," Ermolov stated.

"The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole."

Attackers don't necessarily need physical access to a computer system to exploit the bug. It can also be exploited by using a malware with BIOS-level code execution access or root privileges.

Intel is aware of the fact that it is not possible to fix the vulnerability in the ROM of existing hardware, according to Ermolov, and therefore, they are currently "trying to block all possible exploitation vectors."

Ermolov also said that CVE-2019-0090 appears similar to the Checkm8 boot ROM exploit for iOS devices, which was disclosed in September last year and is considered a permanent jailbreak.