UPDATED 20:02 EDT / MARCH 05 2020

Intel chipset vulnerability can be exploited to obtain encrypted data

Most Intel Corp. chipsets released in the past five years have been found to have a vulnerability that can be exploited to obtain encrypted data and compromise data protection.

Detailed today by researchers at Positive Technologies, the flaw was one of a range uncovered by Intel itself last year and initially addressed in May. However, the new research finds that the vulnerability itself is hardware-based, with no way of fixing it other than to replace affected chips.

The vulnerability relates directly to the Converged Security and Management Engine, a security feature in Intel central processing units and chipsets. The CSME implements a firmware-based Trusted Platform Module used for encryption, authentication of UEFI BIOS firmware, Microsoft System Guard, BitLocker and other security features such as digital rights management and identity protection technology.

In this case, the vulnerability lets attackers exploit an error in the hardware key-generation mechanism and thereby take control of code execution.

“An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys,” the researchers explained. “One of these keys is for the Integrity Control Value Blob. With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform.”

The vulnerability can also be exploited by those looking to bypass digital rights management on copyright-protected content, “a boon for pesky software and digital content pirates,” Laptopmag noted.

The problem can be found in Intel chips manufactured in approximately the last five years, with the exception of the latest Intel 10th-generation (Ice Point) chipsets and SoCs.

Intel confirmed the vulnerability, telling Ars Technica that installing the CSME and BIOS updates, with end of manufacturing set by the system manufacturer, “should” mitigate local attacks. Physical attacks, where the attacker has physical control of a targeted system, may still be possible if CSME hardware-based anti-rollback features aren’t supported by a system manufacturer.

However, at least one analyst believes the issue isn’t as worrisome as it might appear.

“I think this one is getting blown way out of proportion,” said Patrick Moorhead of Moor Insights & Strategy. “First off, it requires physical access and specialized hardware. This can be mitigated with updating firmware and making sure that anti-rollback settings are turned on. The issue becomes if the ARB does not exist.”

With reporting from Robert Hof

Photo: Piqsels
