Millions of Intel Chips Found to Have ‘Unfixable’ Boot ROM Security Flaw

Researchers at enterprise security solutions provider Positive Technologies have discovered an ‘unfixable’ vulnerability in millions of Intel chipsets released over the last five years that could allow attackers to compromise platform encryption keys and steal sensitive information (via The Register).


By exploiting the security flaw, which is buried deep inside the Converged Security and Manageability Engine (CSME) found in modern Intel chipsets, a local attacker could extract the chipset key stored on the PCH microchip and obtain access to data encrypted with that key. What’s even worse is that such a key compromise cannot be detected.

Since the flaw lives in the chipset ROM and cannot be fully fixed by any update, Positive Technologies experts recommend disabling Intel CSME-based encryption of data storage devices.

The vulnerability potentially allows compromising common data protection technologies that rely on hardware keys for encryption, such as DRM, firmware TPM, and Intel Identity Protection. For example, attackers can exploit the vulnerability on their own computers to bypass content DRM and make illegal copies. Because it sits in ROM, the vulnerability also allows arbitrary code execution at the zero level of privilege of Intel CSME. No firmware update can fix the vulnerability itself.

Although the ROM itself cannot be patched, Intel is now recommending that users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT contact their device or motherboard manufacturer for microchip or BIOS updates that mitigate the known attack vectors.