Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device.
This vulnerability (CVE-2021-0146), identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel Atom, Celeron, and Pentium chips that were made in the past few years. It’s one of 25 security holes Intel revealed last week.
The insecure chip hardware permits the “activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,” Intel explained in an advisory, which rates the bug with a CVSS score of 7.1. Exploitation of the hole does require physical access to the chips, an important caveat to note.
The vulnerable Atom, Celeron, and Pentium chips come from Intel’s Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms, which serve as the brains in various desktop, mobile, and embedded systems.
One example cited is the Atom E3900 embedded processors that are found in more than 30 car models, according to Intel, and, it’s claimed, in Tesla’s Model 3. These chips also drive assorted network appliances and IoT devices.
The bug was identified by Mark Ermolov and Dmitry Sklyarov from Positive Technologies, and independent researcher, Maxim Goryachy, and was responsibly disclosed to Intel.
Ermolov in a statement warned that one way this bug might be abused would be if a miscreant obtained a stolen laptop or notebook computer with vulnerable hardware.
“Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop,” he explained.
“The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect.”
An attacker can extract the encryption key and gain access to information within the laptop
Ermolov also said the bug can be abused to fetch the root encryption key that secures Intel Platform Trust Technology and Enhanced Privacy ID technologies. These are used, for example, to secure ebook content and prevent the unauthorized copying of protected content.
The bug arises from an insufficiently protected, overprivileged debugging system and the fix comes in the form of UEFI BIOS updates for affected devices.