HomeTechnologyAnother Intel Chip Flaw Puts a Slew of Gadgets at

Another Intel Chip Flaw Puts a Slew of Gadgets at


master mentalism tricks

Intel is fixing a vulnerability that unauthorized people with physical access can exploit to install malicious firmware on a chip to defeat a variety of measures, including protections provided by Bitlocker, trusted platform modules, anti-copying restrictions, and others.

The vulnerability—present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms—allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people.

Once in developer mode, an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event TPM is being used to store a Bitlocker key, defeat the latter protection as well. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.

While the attack requires the attacker to have brief physical access to the vulnerable device, that’s precisely the scenario TPM, Bitlocker, and codesigning are designed to mitigate. The entire process takes about 10 minutes.

Each Intel CPU has a unique key used to generate follow-on keys for things like Intel’s TPM, Enhanced Privacy ID, and other protections that rely on the features built into Intel silicon. This unique key is known as the “fuse encryption key” or the “chipset key fuse.”

“We found out that you can extract this key from security fuses,” Maxim Goryachy, one of the researchers who discovered the vulnerability, told me. “Basically, this key is encrypted, but we also found the way to decrypt it, and it allows us to execute arbitrary code inside the management engine, extract bitlocker/tpm keys, etc.”

A blog post published Monday expands on the things hackers might use the exploit for. Mark Ermolov, one of the researchers who discovered the vulnerability, wrote:

One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME [converged security and management engine] firmware key and deploy spyware that security software would not detect. This vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying. For example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management. Using this vulnerability, an intruder might extract the root EPID key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from providers in file form, copy, and distribute them.

Bloated, Complex Tertiary Systems

Over the past few years, researchers have exploited a host of firmware and performance features in Intel products to defeat fundamental security guarantees the company makes about its CPUs.

In October 2020, the same team of researchers extracted the secret key that encrypts updates to an assortment of Intel CPUs. Having a decrypted copy of an update may allow hackers to reverse-engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say, a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.

Read The Full Article Here


trick photography
Advertisingfutmillion

Popular posts

Hollywood Spotlight: Director Jon Frenkel Garcia
The Dutchman Cast: André Holland, Zazie Beetz & More Join
The Creator Reactions: Gareth Edwards’ Latest Is One of 2023’s
Company Paid Critics For Rotten Tomatoes Reviews
‘IWTV’ Season 2 Photos: Louis & Claudia at the Théâtres
Monsieur Spade Season 1 Episode 6 Review: Call Me Sam
CSI: Vegas Season 3 Episode 1 Review: The Reaper
Tracker Season 1 Episode 2 Review: Missoula
Marbyllia’s “Uncountable Spheres” 
Pacific Northwest-based Johnny Wheels and the Swamp Donkeys Release New Record
Bray Releases “Oceanography”
Ava Della Pietra Releases New Single/Video
9 Boob Tapes That Work For All Busts, Shapes, and
Here’s Why Apple Cider Vinegar Is the Ingredient Your Hair
I Travel a Lot for Work—These Are the Useful Items
The Best Street Style Looks From the Fall 2023 Couture
No Preview
The Women: Recap & Summary
Targeting Demographic Data to Skew Reality: Book Censorship News, February
This Fantastical Journey Through the Cosmos Explores the Enduring Power
Summary and Review: The Women by Kristin Hannah
Clarifying the cause of Guillain-Barré Syndrome
The Great American Total Solar Eclipse of 2024
‘Completely surreal’: Metal detectorist unearths 1,500-year-old gold ring in Denmark
15 mind-bending scientific riddles to enjoy solving with your family
Comedy or Tragedy?
BYD Atto 3 Electric SUV With Blade Battery Technology Launched
Bitcoin Falls to $19,000 in Anticipation of Tighter Fed Policy
Portugal’s Ministry of Finance Eyeing a Capital Gains Tax for