Researchers at Positive Technologies recently discovered a flaw in Intel processors. The CVE-2021-0146 vulnerability enables testing or debugging modes on multiple Intel processor lines. This could allow an unauthorized user with physical access to obtain enhanced privileges on the system.
The vulnerability affects the Pentium, Celeron, and Atom processors of the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms, used in mobile devices, embedded systems, and IoT systems, such as smart home appliances, cars, and medical equipment.
The threat affects a wide range of ultra-mobile netbooks and a significant base of Intel-based Internet of Things (IoT) systems, from home appliances and smart home systems to cars and medical equipment.
What are the vulnerability details?
The Intel website published the following vulnerability details:
Description: Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
According to Positive Technologies researchers, by exploiting this vulnerability cybercriminals can:
- Extract the encryption key and gain access to information on a laptop
- Conduct targeted attacks across the supply chain
One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to the information within the laptop.
The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could extract the Intel CSME firmware key and deploy spyware that security software would not detect.
As acknowledged by Intel, the bug, which received a score of 7.1 on the CVSS 3.1 scale, was identified by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies), and Maxim Goryachy (an independent researcher).
Why and how did this happen?
CISO MAG reached out to Mark Ermolov, Lead Specialist of OS and Hardware Security at Positive Technologies, for his take on the incident.
According to Ermolov, errors of this kind happen because vendors often don’t consider that the debugging tools integrated into their products are a possible attack vector.
“Vendors believe that the physical access required to operate them puts such attacks ‘out of scope’ in their security models. However, the reality is that modern platforms contain, in addition to the confidential data of users, the secret data of the manufacturer itself (the so-called Assets) — when extracting these assets, the entire system can be put at risk, including the personal data of users,” said Ermolov.
What should manufacturers and users do?
In an official press release, Positive Technologies said: “To avoid problems in the future and prevent the possible bypassing of built-in protection, manufacturers should be more careful in their approach to security provision for debug mechanisms.”
To fix the discovered vulnerability, users should install the UEFI BIOS updates published by the end manufacturers of the respective electronic equipment (notebooks or other devices).
“This is a firmware update, but unfortunately Intel does not explain which subsystem the patch affects. This could be a processor microcode update, power management controller firmware, Intel CSME firmware, or UEFI firmware. We do not know at the moment how exactly the error is fixed, but we are convinced that the error cannot be fixed at a fundamental level, since it is embedded in the hardware. It’s most likely that Intel has made a fix that simply prevents our Proof of Concept from working (which we sent to them with step-by-step explanations),” said Ermolov.
How has Intel responded?
Intel is releasing firmware updates to mitigate this potential vulnerability. On its threat advisory page, Intel recommends that users of affected Intel processors update to the latest version provided by the system manufacturer that addresses these issues.
Meanwhile, laptop manufacturers using these Intel processors have started publishing firmware updates, and you should check the Drivers and Downloads sections on their websites.