It was starting to feel like Intel was overdue for serious Management Engine (ME) vulnerabilities. But this week, researchers at Positive Technologies revealed a new security flaw in the subsystem that could let attackers compromise its MFS file system. Intel has released updates to address the problem, though, so Intel CPU owners should make sure their firmware is up-to-date.
ME has become a repeated source of problems for Intel and its customers. The utility is a chip-on-a-chip that allows IT managers to remotely access company PCs with tools like Intel's Active Management Technology (AMT). ME has its own network interface, memory, operating system and file system (MFS) that are kept separate from the main system in a bid to prevent it from allowing hackers to access ostensibly secure information.
The problem is that researchers have discovered numerous vulnerabilities in ME over the last few years; Positive Technologies revealed one in 2017 that allowed full takeover of ME via USB (it's since been fixed). Now, it's revealed another one that allows someone with physical access to a system to compromise ME and "manipulate the state of MFS and extract important secrets" with the ability to "add files, delete files and change their protection attributes."
Positive Technologies said the attack can be used to learn four keys MFS uses to secure data-- the Intel Integrity Key, Non-Intel Integrity Key, Intel Confidentiality Key and Non-Intel Confidentiality Key--that were supposed to be protected via a firmware update Intel released in 2017. Positive Technologies explained how someone with physical access to the system could bypass that patch to compromise those keys in its blog post:
"Positive Technologies expert Dmitry Sklyarov discovered vulnerability CVE-2018-3655, described in advisory Intel-SA-00125. He found that Non-Intel Keys are derived from two values: the SVN and the immutable non-Intel root secret, which is unique to each platform. By using an earlier vulnerability to enable the JTAG debugger, it was possible to obtain the latter value. Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version. ... Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value and therefore compromise the MFS security mechanisms that rely on these keys."
Intel released the Intel-SA-00125 firmware update to defend against this vulnerability on September 11. But this is another point in favor of companies questioning--or outright banning--the use of ME in their systems. Purism avoids ME and the services it enables in its privacy-focused Librem notebooks, Google is working to remove ME from the Intel processors it uses and previous security flaws have raised concerns among consumers.
Just like the boom in speculative execution flaw discoveries that kicked off with Meltdown and Spectre, the discovery of these problems is likely to encourage researchers to seek out similar flaws in Intel's processors. (Other processors have vulnerabilities too, of course, but Intel gets more scrutiny because its CPUs are so popular.) Chances are good that more vulnerabilities will be found in ME and similar tools in the not-too-distant future.