Another Intel Chip Flaw Puts Many Gadgets at Risk
Intel is fixing a vulnerability that unauthorized people with physical access can exploit to install malicious firmware on a chip and defeat a variety of measures, including the protections provided by Bitlocker, trusted platform modules, anti-copying restrictions, and more.
The vulnerability, present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms, allows skilled hackers with possession of an affected chip to run it in the debug and testing modes used by firmware developers. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people.
Once in developer mode, an attacker can extract the key used to encrypt data stored in the TPM enclave and, if the TPM is being used to store a Bitlocker key, defeat that latter protection as well. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.
While the attack requires the attacker to have brief physical access to the vulnerable device, that is precisely the scenario that TPM, Bitlocker, and code-signing are designed to mitigate. The whole process takes about 10 minutes.
Each Intel CPU has a unique key that is used to generate follow-on keys for things like Intel’s TPM, Enhanced Privacy ID, and other protections that rely on features built into Intel silicon. This unique key is known as the “fuse encryption key” or the “chipset key fuse.”
“We know you can get this key from security fuses,” Maxim Goryachy, one of the researchers who discovered the vulnerability, told me. “Basically, this key is encrypted, but we also found a way to decrypt it, and it allowed us to execute arbitrary code inside the management machine, retrieve bitlocker / tpm keys, etc.”
A blog post published on Monday expands on the things hackers could use the exploit for. Mark Ermolov, one of the researchers who discovered the vulnerability, wrote:
An example of a real threat is lost or stolen laptops with confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to the information inside the laptop. The bug can also be exploited in targeted attacks throughout the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME [converged security and management engine] key from the firmware and deploy spyware that security software would not detect. This vulnerability is also dangerous because it facilitates the retrieval of the root encryption key used by Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying. For example, many Amazon e-book models use Intel EPID-based protection for digital rights management. Using this vulnerability, an attacker can extract the EPID root key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from the provider in file form, copy them, and distribute them.
Broken, Complex Tertiary System
Over the past few years, researchers have exploited a host of firmware and performance features in Intel products to defeat the fundamental security guarantees the company makes about its CPUs.
In October 2020, the same group of researchers extracted the secret key that encrypts updates to an assortment of Intel CPUs. Having a decrypted copy of an update could allow hackers to reverse-engineer it and learn precisely how to exploit the hole it patches. The key could also allow parties other than Intel, say, a malicious hacker or a hobbyist, to update chips with their own microcode, even if that customized version doesn’t survive a reboot.