Another Intel Chip Flaw Puts a Slew of Gadgets at Risk

Intel is fixing a vulnerability that lets an unauthorized person with physical access to a device install malicious firmware on its chip.

The Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms have a vulnerability that allows a skilled attacker in possession of an affected chip to run it in testing and debug modes, modes that Intel and other chipmakers go to great lengths to keep out of unauthorized hands.

When the TPM is used to protect a BitLocker key, an attacker can extract the key that encrypts the data and defeat the protection. An adversary could also bypass the authentication restrictions of the Intel Management Engine, a subsystem inside the vulnerable CPUs, and from there plant a persistent backdoor in the chip.

An attacker with only brief physical access to a device is exactly the scenario TPM, BitLocker, and code signing are designed to mitigate, and the attack takes about 10 minutes to complete.

At the root of these protections is the "chipset key fuse", a unique key burned into the Intel silicon from which follow-on keys are derived for Intel's TPM, Enhanced Privacy ID, and other protections.
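The reason a single fuse key matters so much is that every protection the text lists is derived from it, so extracting the root defeats all of them at once, including the TPM-protected BitLocker key described above. The following is an added illustration, not Intel's code or its real derivation scheme: a toy key hierarchy built with HKDF (RFC 5869) whose labels, salt and fuse value are constructed placeholders. It shows that an attacker holding the leaked fuse regenerates every derived key bit for bit, and, going one step beyond the article, that a short secret mixed into the hierarchy (a PIN-style protector) only adds an offline brute-force step once the root is out of the hardware, because nothing is left to rate-limit the guesses.

```python
from __future__ import annotations

import hashlib
import hmac


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over SHA-256: extract a PRK from ikm, then expand it with info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Illustrative salt and labels for the demo; they are NOT Intel's actual derivation inputs.
SALT = b"chipset-key-hierarchy-demo"
LABELS = {
    "tpm": b"fTPM storage root",
    "epid": b"EPID member key",
    "me": b"ME firmware auth",
}


def derive_platform_keys(chipset_key_fuse: bytes) -> dict[str, bytes]:
    """Every follow-on key is a deterministic function of the fuse key and a public label."""
    return {name: hkdf(chipset_key_fuse, SALT, label) for name, label in LABELS.items()}


def derive_pin_protected_key(chipset_key_fuse: bytes, pin: bytes) -> bytes:
    """A protector that mixes in a secret the fuse does not contain (a user PIN)."""
    return hkdf(chipset_key_fuse + pin, SALT, b"fTPM storage root + PIN")


def attacker_reproduces(leaked_fuse: bytes, victim_keys: dict[str, bytes]) -> dict[str, bool]:
    """With the extracted fuse, which of the victim's derived keys can the attacker regenerate?"""
    mine = derive_platform_keys(leaked_fuse)
    return {name: hmac.compare_digest(mine[name], key) for name, key in victim_keys.items()}


def offline_pin_bruteforce(leaked_fuse: bytes, target_key: bytes, digits: int = 4) -> bytes | None:
    """Once the root is known, a numeric PIN falls to an offline search: the hardware's
    anti-hammering counter never sees these guesses. Returns the recovered PIN or None."""
    for n in range(10**digits):
        guess = str(n).zfill(digits).encode()
        if hmac.compare_digest(derive_pin_protected_key(leaked_fuse, guess), target_key):
            return guess
    return None


def demo() -> tuple[dict[str, bool], bytes | None]:
    """Constructed scenario: the 'fuse' is a fixed demo value standing in for a real per-chip key."""
    fuse = hashlib.sha256(b"constructed demo fuse value").digest()
    victim_keys = derive_platform_keys(fuse)
    victim_pin_key = derive_pin_protected_key(fuse, b"4829")
    # The attacker has just extracted `fuse` from the chip via the debug mode.
    reproduced = attacker_reproduces(fuse, victim_keys)
    recovered_pin = offline_pin_bruteforce(fuse, victim_pin_key)
    return reproduced, recovered_pin


if __name__ == "__main__":
    keys, pin = demo()
    print("derived keys regenerated from leaked fuse:", keys)
    print("PIN recovered offline:", pin)
```

The point the example makes is structural, not Intel-specific: a hierarchy is only as secret as its root, and any short secret layered on top of a leaked root is one loop away from recovery. Only secrets with real entropy that never enter the fuse-derived hierarchy stay out of the attacker's reach.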

One of the researchers who discovered the vulnerability told me that they found a way to obtain that key: "We found a way to decode the key, which allowed us to execute arbitrary code inside the management engine, extract BitLocker/TPM keys, and so on."

In a post published Monday, one of the researchers who discovered the vulnerability expanded on what could be done with the exploit:

"One example of a real threat is the loss or theft of laptops that contain confidential information. An attacker can gain access to the laptop with this vulnerability. The bug can be used in attacks on the supply chain. An employee of an Intel processor-based device supplier could extract the Intel CSME and use it to deploy spyware that would not be detected by security software. This vulnerability is dangerous because it facilitates the extraction of the root encryption key used in the Intel technologies for protecting digital content from illegal copying. Many Amazon e-book models use protection from Intel. An attacker can use this vulnerability to steal the root EPID key from a device and then use it to download electronic materials from providers in file form."

Bloated, complex tertiary systems

Over the past few years, researchers have repeatedly defeated fundamental security guarantees of Intel products by exploiting a host of firmware and performance features.

In October 2020, the same team of researchers obtained the secret key that encrypts Intel microcode updates. A decrypted copy of an update lets an attacker reverse engineer it and learn how to exploit the hole it patches. The key may also allow parties other than Intel to load their own microcode onto a chip, although such a modified version would not survive a reboot.