{"id":10585,"date":"2020-03-06T17:32:35","date_gmt":"2020-03-06T16:32:35","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=10585"},"modified":"2020-03-06T17:32:35","modified_gmt":"2020-03-06T16:32:35","slug":"filevault-new-vulnerability-discovered-in-intel-chips","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/filevault-neue-schwachstelle-in-intel-chips-entdeckt","title":{"rendered":"FileVault: New vulnerability discovered in Intel chips"},"content":{"rendered":"

Following the Meltdown and Spectre security vulnerabilities, a new hardware-based exploit has now been discovered in Intel chips. This is said to make Apple's FileVault technology vulnerable. <\/strong><\/p>\n\n\n\n

Last year, the Meltdown and Spectre security vulnerabilities were discovered, which caused a lot of trouble. According to current reports, the security vulnerabilities at that time have since been fixed. But now there seems to be a new problem and it is said to be unpatchable. According to reports, the SSD encryption FileVault on Mac devices without T1 and T2 chips is at risk. <\/p>\n\n\n\n

The purpose of FileVault<\/h3>\n\n\n\n

FileVault technology is basically designed to encrypt the entire hard drive. The AES128-bit XTS standard encryption is used by default. However, the Disk Utility also offers the AES256-bit XTS version, which is military-grade encryption that makes the Mac 100 percent secure. According to a new report from The Register, however, this very "feature" is at risk. A brand new hardware-based vulnerability in Intel chips can make FileVault vulnerable, as the security hole is said to be unpatchable. According to initial findings, attackers could compromise the Mac's boot process to gain access to the codes responsible for encrypting the hard drive. The problem is described as follows: explained<\/a>: <\/p>\n\n\n\n\n\n\n\n

The problem revolves around cryptographic keys that, if obtained, can be used to break the root of trust in a system. Buried deep inside modern Intel chipsets is what is known as the Management Engine, or nowadays the Converged Security and Manageability Engine (CSME).<\/p>

Like a digital janitor, the CSME works behind the scenes, beneath the operating system, hypervisor, and firmware, performing many important low-level tasks such as booting up the computer, controlling power levels, starting the main processor chips, verifying and booting the motherboard's firmware, and providing cryptographic functions. The engine is the first thing that runs when a machine is turned on. One of the first things it does is set up memory protections on its own built-in RAM so that other hardware and software cannot interfere with it. However, these protections are disabled by default, so there is a tiny time gap between when a system is turned on and the CSME executing the code in its boot ROM that installs these protections, which come in the form of input-output memory management unit (IOMMU) data structures called page tables.<\/p>

During this time gap, other hardware - physically connected or present on the motherboard - capable of firing a DMA transfer into the CSME's private RAM can overwrite variables and pointers and take over execution. At this point, the CSME can be seized for malicious purposes without the software running on top of it noticing. It's like a sniper shooting a sliver of a target while shooting past small cracks in a wall. The DMA write race can be attempted when the machine is powered on or awakens from sleep. If someone manages to extract this hardware key, they can unlock the chipset key and, with code execution within the CSME, undo Intel's root of trust in large product areas at once. When this happens, total chaos will reign. Hardware IDs will be spoofed, digital content will be extracted, and data from encrypted hard drives will be decrypted.<\/p><\/blockquote>\n\n\n\n

Therefore, the Mac should not be released<\/h3>\n\n\n\n

The exploit is not only hardware-based, it is also considered unpatchable. Anyone who passes their Mac on to third parties is making themselves vulnerable, as the security hole can only be exploited if attackers gain physical access to the device. Intel's advice is that the affected devices must remain in the "physical possession" of the owner. But not all Macs are affected. According to the report, Apple devices with the T1 and T2 security chips are not affected, as these are activated before the Intel chip when the Mac boots up, and the FileVault encryption codes are stored in the "Secure Enclave". Accordingly, only "older" devices are affected by the problem. (Photo by Jakub Jirsak \/ Bigstockphoto)<\/em><\/p>\n\n\n\n