Lucene search

K
threatpostTara SealsTHREATPOST:53A062956C31459E2846CD4C959DFD49
HistoryNov 15, 2021 - 8:52 p.m.

High-Severity Intel Processor Bug Exposes Encryption Keys

2021-11-1520:52:27
Tara Seals
threatpost.com
30
security vulnerability
intel chips
encryption keys
privilege escalation
cve-2021-0146
uefi bios
pentium
celeron
atom processors
iot devices
iot chip market
tesla model 3
threat impact
cybercriminals
platform trust technology
epid technology
targeted attacks
intel csme firmware

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

31.9%

A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content.

That’s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be.

The high-severity privilege-escalation issue is rated 7.1 out of 10 on the CVSS vulnerability-severity scale.

Register now for our LIVE event!

“[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,” according to Intel’s advisory, issued last week.

In terms of scope, the vulnerability affects the Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. These chips power laptops, mobile devices, embedded systems, medical devices and a variety of internet of things (IoT) offerings.

“According to a study by Mordor Intelligence, Intel ranks fourth in the IoT chip market, while its Intel Atom E3900 series IoT processors, which also contain the CVE-2021-0146 vulnerability, are used by car manufacturers in more than 30 models, including, according to unofficial sources, in Tesla’s Model 3,” PT noted in a writeup shared with Threatpost.

To address the issue, users should install the UEFI BIOS updates published by manufacturers of each piece of electronic equipment. The following processor models are affected:

Source: Intel.

CVE-2021-0146 Impact for End Users

When it comes to impact, an exploit would allow cybercriminals to extract a device’s encryption key and gain access to information.

“One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form,” said Mark Ermolov, a PT researcher who was credited with discovering the bug (along with PT’s Dmitry Sklyarov and independent researcher Maxim Goryachy).

The vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel’s Platform Trust Technology and Enhanced Privacy ID technologies, which are used to protect digital content from illegal copying, Ermolov added

“For example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management,” he explained. “Using this vulnerability, an intruder might extract the root EPID key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from providers in file form, copy and distribute them.”

Additionally, an exploit could allow cyberattackers to conduct targeted attacks across the supply chain, Ermolov noted.

“For example, an employee of an Intel processor-based device supplier could extract the Intel CSME firmware key and deploy spyware that security software would not detect,” he said.

Want to win back control of the flimsy passwords standing between your network and the next cyberattack? Join Darren James, head of internal IT at Specops, and Roger Grimes, data-driven defense evangelist at KnowBe4, to find out how during a free, LIVE Threatpost event, “Password Reset: Claiming Control of Credentials to Stop Attacks,”on Wed., Nov. 17 at 2 p.m. ET. Sponsored by Specops.

Register NOWfor the LIVE event!

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

31.9%