Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys

Image credit: Unsplash
Intel has issued a patch in response to a serious vulnerability in Intel ME firmware discovered by Positive Technologies expert Dmitry Sklyarov. The vulnerability involved security mechanisms in the MFS file system, which Intel ME uses to store data. By exploiting this flaw, attackers could manipulate the state of MFS and extract important secrets.

Intel ME (short for "Management Engine") stores data with the help of MFS (which likely stands for "ME File System"). MFS security mechanisms make heavy use of cryptographic keys. Keys differ in purpose (confidentiality vs. integrity) and degree of data sensitivity (Intel vs. non-Intel). The most sensitive data is protected by Intel Keys, with Non-Intel Keys used for everything else. So in total, four keys are used: Intel Integrity Key, Non-Intel Integrity Key, Intel Confidentiality Key, and Non-Intel Confidentiality Key.

In 2017, Positive Technologies experts Mark Ermolov and Maxim Goryachy uncovered a vulnerability that could be exploited to obtain all four keys, thus completely compromising MFS security mechanisms.

Intel later issued an update addressing this vulnerability. By increasing the Security Version Number (SVN), Intel updated all keys to make MFS security work as intended. It should now have been impossible to obtain the MFS keys for updated ME firmware versions (those with the new SVN value).

But in 2018, Positive Technologies expert Dmitry Sklyarov discovered vulnerability CVE-2018-3655, described in advisory Intel-SA-00125. He found that Non-Intel Keys are derived from two values: the SVN and the immutable non-Intel root secret, which is unique to each platform. By using an earlier vulnerability to enable the JTAG debugger, it was possible to obtain the latter value. Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version.

Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value, and therefore compromise the MFS security mechanisms that rely on these keys.

The Non-Intel Integrity Key enforces the integrity of all MFS directories. Knowledge of this key could be abused to add files, delete files, and change their protection attributes. This key also underlies anti-replay tables, which are intended to prevent substitution of the contents of some files with previous versions. Anti-replay mechanisms could be easily bypassed as a result. The Non-Intel Confidentiality Key secures certain files and is used to encrypt the AMT password, for example.

By sequentially exploiting the vulnerabilities discovered by Positive Technologies in 2017 and 2018, an attacker could take advantage of ME to obtain vital secrets. Although the need for physical access makes exploitation more difficult, the scope of the threat remains breathtaking.

Positive Technologies experts have found a number of vulnerabilities in Intel ME. Mark Ermolov and Maxim Goryachy gave a talk at Black Hat Europe regarding a vulnerability they discovered. At the same conference, Dmitry Sklyarov delved into the workings of the ME file system.

In addition, Positive Technologies experts devised a method for disabling Intel ME by using an undocumented mode and showed how to enable JTAG debugging.

Article Link: http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html