Positive Technologies security researchers have identified a vulnerability in Intel CPUs, allowing an attacker with physical access to a device to gain enhanced privileges on the system.
The vulnerability was discovered by Positive Technologies’ Mark Ermolov and Dmitry Sklyarov in collaboration with independent researcher Maxim Goryachy.
Intel issued a security advisory classifying the vulnerability as a high-severity privilege-escalation flaw. It is rated 7.1 out of 10 on the CVSS severity scale.
About the vulnerability
Positive Technologies published a report explaining the vulnerability, which was discovered in Pentium, Celeron, and Atom processors of the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms.
The affected processors are used in mobile devices and embedded systems, which means devices ranging from Ultrabooks to the Internet of Things are impacted.
Ermolov explained that the vulnerability stems from debugging functionality with excessive privileges that is not protected as well as it should be. Debug mechanisms must be secured properly; otherwise, similar flaws will keep appearing.
“Hardware allows activation of the test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,” Intel’s advisory read.
Which Devices are Impacted?
Researchers further noted that the threat impacts a wide range of “ultra-mobile netbooks” and several Intel-based IoT devices/systems. This includes smart home systems, home appliances, cars, and medical equipment.
According to research from Mordor Intelligence, Intel currently holds the fourth spot in the IoT chip market, and car manufacturers use Intel Atom E3900 series IoT processors, which reportedly contain the vulnerability (tracked as CVE-2021-0146). These processors are used in over 30 car models, reportedly including the Tesla Model 3.
How Could it be Exploited?
Researchers noted that one concerning scenario involves lost or stolen laptops that hold sensitive, confidential data in encrypted form. By exploiting the flaw, attackers can obtain the encryption key and access the data stored on the laptop. Attackers can also exploit the bug to launch targeted attacks against the supply chain.
“For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect,” researchers explained in their report.
According to Ermolov, the vulnerability could facilitate extraction of the root encryption keys used in Intel Platform Trust Technology (PTT) and Intel Enhanced Privacy ID (EPID) technologies, which are embedded in the system to protect digital content from illegal copying.
Additionally, numerous Amazon e-book models use Intel EPID-based technologies for digital rights management. By exploiting this flaw, an attacker can easily extract the root EPID key from the device. With Intel EPID compromised, an intruder can download digital content in file form and then copy or distribute it conveniently.
How to Fix it?
You can fix the flaw by downloading and installing the UEFI BIOS update released by the end manufacturers of the impacted electronic devices.