Researchers find vulnerability in certain low powered Intel chips, but good news is that patches are available for download now
Researchers have uncovered security vulnerabilities in a series of low powered processors from chip giant Intel.
Positive Technologies it should be remembered found a flaw in Intel processors in March 2020, namely the Converged Security Management Engine, that could have allowed attackers to remotely extract root cryptographic keys. It said at the time that the issue affected all Intel chips manufactured in the past five years.
This new vulnerability however affects Pentium, Atom and Celeron chips, with the Apollo Lake and Gemini Lake architectures.
These low powered chips are often found in laptops, tablets and even cars, but the good news is that the attacker would require physical access to the chip, and there is already a patch available.
However the vulnerability means it is fairly easy (it reportedly takes only 10 minutes) for skilled hackers with local access to a device, to steal security keys.
Basically the hacker can obtain the “fuse encryption key” unique to each CPU.
Therefore the advice is to install the Intel update, which is available as a BIOS update for motherboards, or from device manufacturers, as soon as possible.
The vulnerability allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers.
Intel and other chipmakers of course usually go to great lengths to prevent such access by unauthorised personnel, Ars Technica reported.
Once in developer mode, the hacker can extract the key used to encrypt data stored in the TPM enclave, and in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well.
A hacker could also reportedly bypass code-signing restrictions that prevent unauthorised firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.
Each Intel processor has a unique key used to generate follow-on keys for things like Intel’s TPM, Enhanced Privacy ID, and other protections that rely on the features built into Intel silicon.
But the hacker can cloning the master-key.
“We found out that you can extract this key from security fuses,” Maxim Goryachy, one of the researchers who discovered the vulnerability, told Ars Technica. “Basically, this key is encrypted, but we also found the way to decrypt it, and it allows us to execute arbitrary code inside the management engine, extract bitlocker/tpm keys, etc.”
The good news as previously mentioned is the hacker requires physical access and Intel has already released an update.
In its advisory on the matter, Intel rated the vulnerability severity as high.
“A potential security vulnerability in some Intel Processors may allow escalation of privilege,” it stated. “Intel is releasing firmware updates to mitigate this potential vulnerability.”
“Intel recommends that users of affected Intel Processors update to the latest version provided by the system manufacturer that addresses these issues,” it added.
The final piece of good news is that there is no evidence (as yet) of the flaw being actively exploited in the wild.
Computer chips have been subjected to a number of security scares over the years.
In 2015 for example, researchers found that older Intel processors contain a security vulnerability that could allow attackers to gain control of system hardware and implant rootkits into the processor’s firmware.
The Spectre and Meltdown bugs affected virtually every processor made by Intel, AMD and ARM during the past 20 years.
Essentially, the vulnerabilities affected the kernel of the chips and allowed an attacker to read information that should otherwise be inaccessible. This meant an attacker could obtain passwords, encryption keys or steal information from other applications.
A year later in March 2019 researchers at Worcester Polytechnic Institute and the University of Lübeck found the Spoiler flaw could allow attacker to exploit how a PC’s memory works.