Another Intel Chip Flaw Exposes Encryption Keys
According to Positive Technologies, a Russian cybersecurity firm, a security vulnerability in Intel chips allow encrypted file access. The flaw also gives hackers the ability to bypass copyright protection for digital content. Positive Technologies found that the vulnerability ( CVE-2021-0146 ) is caused by a debugging functionality with excessive privileges. According to Intel, the flaw allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to enable escalation of privilege.
The flaw affects Pentium, Celeron and Atom processors in the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. These chips power laptops, mobile devices, embedded systems, medical devices and IoT devices. According to a study by Mordor Intelligence, Intel is fourth in the IoT chip market and used by several car manufacturers. The flaw could allow hackers to extract a device's encryption key and gain access to information. The vulnerability is also dangerous because it allows hackers access to the root encryption key used in Intel's Platform Trust Technology and Enhanced Privacy ID technologies, which are used to protect digital content from illegal copying. The flaw also allows hackers to target attacks across the supply chain.
Once in developer mode, a hacker can extract the key used to encrypt data stored in the TPM and, in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well. A hacker could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.
To fix the flaw, users should install the UEFI BIOS updates released by the manufacturers. Intel has released the security fixes for the flaw but it is the responsibility of Mother Board vendors to push this BIOS update to their customers further. But since vendors won't provide BIOS support or security patches for older products, the bug that will not be fixed anytime soon for the customers who need it.