Following the Meltdown and Spectre security vulnerabilities, a new hardware-based exploit has now been discovered in Intel chips. This is said to make Apple's FileVault technology vulnerable.
Last year, the Meltdown and Spectre security vulnerabilities were discovered, which caused a lot of trouble. According to current reports, those vulnerabilities have since been fixed. But now there seems to be a new problem, and it is said to be unpatchable. According to reports, FileVault SSD encryption on Mac devices without T1 and T2 chips is at risk.
The purpose of FileVault
FileVault is essentially designed to encrypt the entire disk. By default, it uses AES-128 encryption in XTS mode. However, Disk Utility also offers the AES-256 XTS version, that is, military-grade encryption that makes the Mac 100 percent secure. According to a new report from The Register, however, exactly this "feature" is at risk. A brand-new hardware-based vulnerability in Intel chips can make FileVault open to attack, as the security flaw is said to be unpatchable. According to initial findings, attackers could compromise the Mac's boot process to gain access to the keys responsible for encrypting the disk. The problem is explained as follows:
The problem revolves around cryptographic keys that, if obtained, can be used to break the root of trust in a system. Buried deep inside modern Intel chipsets is what is known as the Management Engine, or nowadays the Converged Security and Manageability Engine (CSME).
Like a digital janitor, the CSME works behind the scenes, beneath the operating system, hypervisor, and firmware, performing many important low-level tasks such as booting up the computer, controlling power levels, starting the main processor chips, verifying and booting the motherboard's firmware, and providing cryptographic functions. The engine is the first thing that runs when a machine is turned on. One of the first things it does is set up memory protections on its own built-in RAM so that other hardware and software cannot interfere with it. However, these protections are disabled by default, so there is a tiny time gap between when a system is turned on and the CSME executing the code in its boot ROM that installs these protections, which come in the form of input-output memory management unit (IOMMU) data structures called page tables.
During this time gap, other hardware - physically connected or present on the motherboard - capable of firing a DMA transfer into the CSME's private RAM can overwrite variables and pointers and take over execution. At this point, the CSME can be seized for malicious purposes without the software running on top of it noticing. It's like a sniper shooting a sliver of a target while shooting past small cracks in a wall. The DMA write race can be attempted when the machine is powered on or awakens from sleep. If someone manages to extract this hardware key, they can unlock the chipset key and, with code execution within the CSME, undo Intel's root of trust in large product areas at once. When this happens, total chaos will reign. Hardware IDs will be spoofed, digital content will be extracted, and data from encrypted hard drives will be decrypted.
Therefore, the Mac should not be handed to others
The exploit is therefore not only hardware-based but is also considered unpatchable. Anyone who hands their Mac over to third parties exposes themselves to attack, because the vulnerability can only be exploited if attackers gain physical access to the device. Intel's advice is that affected devices must remain in the "physical possession" of their owner. But not all Macs are affected. According to the report, Apple devices with the T1 and T2 security chips are not impacted, since these take effect before the Intel chip when the Mac boots, and the FileVault encryption keys are stored in the "Secure Enclave". Accordingly, only "older" devices are affected by the problem. (Photo by Jakub Jirsak / Bigstockphoto)