2021 11 16
Intel is fixing a vulnerability that unauthorized people with physical access can exploit to install malicious firmware on the chip to defeat a variety of measures, including protections provided by Bitlocker, trusted platform modules, anti-copying restrictions, and others.
The vulnerability—present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms—allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people.
Once in developer mode, an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.
Cloning the master-key
Each Intel CPU has a unique key used to generate follow-on keys for things like Intel’s TPM, Enhanced Privacy ID, and other protections that rely on the features built into Intel silicon. This unique key is known as the “fuse encryption key” or the “chipset key fuse,” as used in the Intel graphic below:
“We found out that you can extract this key from security fuses,” Maxim Goryachy, one of the researchers who discovered the vulnerability, told me. “Basically, this key is encrypted, but we also found the way to decrypt it, and it allows us to execute arbitrary code inside the management engine, extract bitlocker/tpm keys, etc.”
A blog post published Monday expands on the things hackers might use the exploit for. Mark Ermolov, one of the other researchers who discovered the vulnerability, wrote:
One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME [converged security and management engine] firmware key and deploy spyware that security software would not detect. This vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying. For example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management. Using this vulnerability, an intruder might extract the root EPID key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from providers in file form, copy and distribute them.
Bloated, complex tertiary systems
Over the past few years, researchers have exploited a host of firmware and performance features in Intel products to defeat fundamental security guarantees the company makes about its CPUs.
In October 2020, the same team of researchers
that encrypts updates to an assortment of Intel CPUs. Having a decrypted copy of an update may allow hackers to reverse-engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say, a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.
In the past two years researchers have also uncovered at least four vulnerabilities in SGX, short for Software Guard eXtensions, which acts as an in-silicon digital vault for securing users’ most sensitive secrets.
Intel has also shipped large numbers of CPUs with critical
, the protection that prevents unauthorized people from running malicious firmware during the boot process. Researchers have also found
in the Converged Security and Management Engine, which implements the Intel Trusted Platform Module.
Intel has added the features as a way to differentiate its CPUs from competitors. Concerns about the cost, performance overhead, and unreliability of these features have sent Google and many other organizations in search of alternatives when building so-called Trusted Computing Bases for protecting sensitive data.
“In my view, Intel’s record on delivering a worthy Trusted Compute Base, particularly around the ME [management engine] is disappointing, and that’s being charitable,” security researcher Kenn White wrote in an email. “This work further validates Google and other large tech companies’ decision 5+ years ago to jettison Intel’s built-in management stack for bespoke, dramatically skimmed down TCBs. When you don’t have bloated complex tertiary systems to maintain and harden, you get the added benefit of no debugging paths for an attacker to exploit that complexity.”
Since the beginning of 2018, Intel has also been besieged by a steady stream of variants of attack classes known as Spectre and Meltdown. Both attack classes abuse a performance enhancement known as speculative execution to allow hackers to access passwords, encryption keys, and other data that’s supposed to be off-limits. While the bugs have bitten numerous chipmakers, Intel has been stung particularly hard by Spectre and Meltdown because many of its chips have relied more heavily on speculative execution than competing ones do.
Intel recently published this advisory, which rates the vulnerability severity as high. The fix arrives in a UEFI BIOS update that’s available from OEMs or motherboard manufacturers. There’s no evidence that the bug, tracked as CVE-2021-0146, has ever been actively exploited in the wild, and the difficulty of exploiting it puts it out of reach of all but the most skilled hackers.
“Users should keep systems up to date with the latest firmware and guard systems against unauthorized physical access,” Intel officials said in a statement. “Systems where end of manufacturing was performed by the OEM and where Intel Firmware Version Control technology (hardware anti-rollback) was enabled are at far less risk.”
Vulnerabilities like this one aren’t likely to ever be exploited in indiscriminate attacks but could, at least theoretically, be used in cases where adversaries with considerable resources are pursuing high-value targets. By all means install the update on any affected machines, but don’t sweat it if you don’t get around to it for a week or two.
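As an added, defender-side illustration that is not part of the article, here is a small inventory script that flags Linux hosts sitting on the platforms named above (Apollo Lake, Gemini Lake, Gemini Lake Refresh) so the OEM UEFI update can be prioritised. The CPUID family/model numbers it matches are my assumption taken from the Linux kernel's Intel family table, not something the article states, and the /proc/cpuinfo text is a constructed sample.

```python
"""Inventory check: flag hosts whose CPU sits on a platform the article names
(Apollo Lake, Gemini Lake, Gemini Lake Refresh) so they head the UEFI update
list.  Model numbers are an ASSUMPTION from the Linux kernel's Intel family table."""

# Assumed mapping: CPUID family 6, model 0x5C = Goldmont (Apollo Lake),
# model 0x7A = Goldmont Plus (Gemini Lake and Gemini Lake Refresh).
AFFECTED_MODELS = {0x5C: "Apollo Lake", 0x7A: "Gemini Lake / Gemini Lake Refresh"}

# Constructed /proc/cpuinfo excerpt: a Gemini Lake Celeron and a Kaby Lake Core.
SAMPLE_CPUINFO = """\
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 122
model name\t: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz

vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 142
model name\t: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
"""

def parse_cpuinfo(text):
    """Split /proc/cpuinfo-style text into one dict of fields per processor."""
    procs = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            procs.append(fields)
    return procs

def affected_platform(fields):
    """Platform name if the processor is on an affected platform, else None.
    A hit means "verify the OEM UEFI update is installed", not "still vulnerable"."""
    if fields.get("vendor_id") != "GenuineIntel":
        return None
    try:
        family, model = int(fields["cpu family"]), int(fields["model"])
    except (KeyError, ValueError):
        return None
    return AFFECTED_MODELS.get(model) if family == 6 else None

def affected_cpus(text):
    """Sorted, distinct (model name, platform) pairs found in the text."""
    return sorted({(f.get("model name", "?"), p)
                   for f in parse_cpuinfo(text) if (p := affected_platform(f))})
```

Run `affected_cpus(open("/proc/cpuinfo").read())` on a real host to get its list; a match only says the machine belongs to the affected family, so the installed firmware version (and whether the OEM enabled hardware anti-rollback, per Intel's statement) still has to be checked against the vendor advisory.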