A flaw found in certain Intel chips lets an attacker with physical access to the computer (an "evil maid" attack) install malicious firmware onto the chip. It was identified by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies) and Maxim Goryachy (an independent researcher).
Bypassing Intel Chip Security
The flaw, tracked as CVE-2021-0146, is found in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms. An attacker could use the chips' debug and testing modes to extract the decryption key from the TPM module. If the TPM is also used to store a Windows BitLocker key, that protection can be bypassed as well. Malicious firmware could then be installed on the chip as a permanent backdoor.
According to Mark Ermolov, the vulnerability is a debugging functionality with excessive privileges that is not protected as it should be. To avoid problems in the future and prevent the possible bypassing of built-in protection, manufacturers should be more careful in their approach to securing debug mechanisms.
The flaw affects a wide range of devices with these chips, such as cars, laptops, medical equipment, home appliances, and various Internet of Things (IoT) products.
Intel is actively working to patch the vulnerability, so make sure you install the latest software or firmware updates for your devices.