25th November 2021, Kathmandu
Researchers at Positive Technologies recently found a vulnerability in Intel processors. The CVE-2021-0146 vulnerability empowers testing or investigating modes on various Intel processor lines. This could permit an unauthorized user with actual access to obtain enhanced privileges on the system.
The vulnerability affects the Pentium, Celeron, and Atom processors of the Apollo Lake, Gemini Lake, and Gemini Lake Refresh stages, utilized in cell phones, embedded systems, and IoT systems, like smart home appliances, vehicles, and clinical instruments.
The threat affects a wide range of ultra-portable netbooks and a huge base of Intel-based Internet of Things (IoT) systems, from home machines and smart home systems to vehicles and clinical instruments.
What are the vulnerability details?
The Intel site published the given vulnerability details:
CVEID: CVE-2021-0146
Description: Hardware permits activation of the test or debugs logic at runtime for some Intel(R) processors which might permit an unauthenticated user to possibly enable escalation of privilege through physical access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Positive Technologies specialists said, in exploiting this vulnerability cybercriminals can:
- Extract the encryption key and get access to data on a laptop
- Direct designated attacks across the supply chain
One illustration of a real threat is lost or stolen laptops that contain secret data in encoded form. Utilizing this vulnerability, an attacker can extract the encryption key and get close enough to the data in the laptop.
The bug can likewise be exploited in designated attacks across the supply chain.
For instance, a worker of an Intel processor-based device provider could extract the Intel CSME firmware key and send spyware that security software would not detect.
As recognized by Intel, the bug, which got a score of 7.1 on the CVSS 3.1 scale, was distinguished by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies), and Maxim Goryachy (an independent researcher).
Why and how did this occur?
CISO MAG connected with Mark Ermolov, Lead researcher of OS and Hardware Security at Positive Technologies, for his interpretation of the incident.
“Sellers accept that the actual access needed to work them puts such attacks out of extension in their security models.
Notwithstanding, actually current stages contain, notwithstanding the private information of clients, the privileged information of the actual maker (the supposed Assets) — while extricating these resources, the whole infrastructure can be put at risk, including the individual information of clients,” said Ermolov.
How should makers and clients respond?
In an authority official statement Positive Technology said: “To keep away from issues later on and forestall the conceivable bypassing of inherent insurance, makers ought to be more cautious in their way to deal with security infrastructure for investigate components.”
To fix the found vulnerability, clients ought to introduce the UEFI BIOS refreshes distributed by the end producers of the separate electronic devices.
“This is a firmware update, however lamentably Intel doesn’t clarify which subsystem the fix influences. This could be a processor microcode update, power the executive’s regulator firmware, Intel CSME firmware, or UEFI firmware.
We don’t know right now how precisely the mistake is fixed, however, we are persuaded that the blunder can’t be fixed at a central level, since it is installed in the devices. All things considered, Intel has made a fix that just keeps our Proof of Concept from working (which we shipped off them with bit by bit clarifications),” said Ermolov.
How has Intel reacted?
Intel is delivering firmware updates to moderate this possible vulnerability. On its page, Intel suggests that clients of impacted Intel processors update to the most recent adaptation given by the infrastructure maker that resolves these issues.
In the interim, PC producers utilizing these Intel processors have begun distributing firmware updates, and you should check the Drivers and Downloads segments on their sites.
