A flaw found within certain Intel chips lets an attacker with physical access to the computer, known as an evil maid attack, install malicious firmware onto the chip. IT was identified by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies) and Maxim Goryachy (an independent researcher).
Bypassing Intel Chip Security
The flaw, tracked as CVE-2021-0146, is found in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms. The attacker could use debug and testing modes to extract the decryption key from the TPM module. If TPM is also used to store a Windows BitLocker key, that can also be bypassed. Then, malicious firmware could be installed on the chip as a permanent backdoor.
According to Mark Ermolov, the vulnerability is a debugging functionality with excessive privileges, which is not protected as it should be. To avoid problems in the future and prevent the possible bypassing of built-in protection, manufacturers should be more careful in their approach to security provision for debug mechanisms.
The flaw affects a wide range of devices with these chips, such as cars, laptops, medical equipment, home appliances, and various Internet of Things (IoT) products.
Intel is actively working to patch the vulnerability so make sure you install the latest software or firmware updates for your devices.
2 thoughts on “Intel Chip Flaw Lets Attackers Install Malicious Firmware to Bypass Security”
The good part (for Mac users) is that these never went into a Mac model. Apple went from Haswell to Skylake to Kabylake, skipping these CPU gens entirely.
It’s always possible that this exploit could be expanded into more chipsets, but you’re sure to hear about it if someone figures out how.
Something like this happened with Apple’s T1 chip at some point and the news was acting like someone had nuked Cupertino. But when it happens to Intel, no matter how severe, they never mention that other companies make alternatives.