Intel fixes a vulnerability that could allow unauthorized persons with physical access to install malicious firmware on the chip to circumvent a variety of measures, including protections by Bitlocker, trusted platform modules, anti-copy restrictions, and others.
The vulnerability, present in Pentium, Celeron and Atom CPUs on the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms, allows experienced hackers in possession of an affected chip to execute it in debug and test modes used by firmware developers. Intel and other chip makers do everything they can to prevent such unauthorized access.
Once in developer mode, an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event that TPM is used to store a Bitlocker key, disable that latter protection as well . An adversary can also bypass code signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem in vulnerable CPUs, and from there permanently behind the chip.
While the attack requires the attacker to have brief physical access to the vulnerable device, that’s exactly the scenario that TPM, Bitlocker, and co-design are designed to mitigate. The whole process takes about 10 minutes.
Clone the master key
Each Intel CPU has a unique key that is used to generate follow-up keys for things like Intel’s TPM, Enhanced Privacy ID, and other protections that rely on the features built into Intel silicon. This unique key is known as the “fuse encryption key” or the “chipset key fuse” as used in the Intel image below:
“We found out that you can get this key from fuses,” Maxim Goryachy, one of the researchers who discovered the vulnerability, told me. “Basically, this key is encrypted, but we also found the way to decrypt it, and it allows us to run arbitrary code in the admin engine, extract bitlocker/tpm keys, etc.”
A blog post published Monday takes a closer look at the things hackers can use the exploit for. Mark Ermolov, one of the other researchers who discovered the vulnerability and chief OS and hardware security specialist at Positive Technologies, wrote:
An example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Using this vulnerability, an attacker could extract the encryption key and access information on the laptop. The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of a vendor of Intel processor-based devices would theoretically use the Intel CSME . can extract [converged security and management engine] firmware key and deploy spyware that security software would not detect. This vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying. For example, some Amazon ebook models use Intel EPID-based protection for digital rights management. Using this vulnerability, an intruder could extract the root EPID key from a device (e-book) and then, after compromising Intel EPID technology, download electronic material from providers in file form, copy and distribute it.
Bloated, complex tertiary systems
In recent years, researchers have exploited many firmware and performance features in Intel products to circumvent fundamental security guarantees the company makes about its CPUs.
In October 2020, the same team of researchers extracted the secret key that encrypts updates for an assortment of Intel CPUs. Having a decrypted copy of an update can allow hackers to reverse engineer it and learn exactly how to exploit the hole being patched. The key could also allow parties other than Intel, such as a malicious hacker or hobbyist, to update chips with their own microcode, although that modified version would not survive a reboot.
In the past two years, researchers have also discovered at least four vulnerabilities in SGX, short for Software Guard eXtensions, which acts as an in-silicon digital vault for protecting users’ most sensitive secrets.
Intel has also shipped large numbers of CPUs with critical flaws in Boot Guard, the protection that prevents unauthorized users from using malicious firmware during the boot process. Researchers have also found irreparable holes in the Converged Security and Management Engine, which implements the Intel Trusted Platform Module.
Intel added the features to differentiate its CPUs from competitors. Concerns about the cost, performance overhead, and unreliability of these features have led Google and many other organizations to look for alternatives in building Trusted Computing Bases to protect sensitive data.
“In my view, Intel’s track record of delivering a worthy Trusted Compute Base, particularly around the ME [management engine] is disappointing, and that is charity,” security researcher Kenn White wrote in an email. “This work confirms the decision by Google and other major tech companies 5+ years ago to ditch Intel’s built-in management stack for custom, drastically slimmed down TCBs. If you don’t have bloated complex tertiary systems to maintain and amplify, you get it. added benefit that an attacker has no debug paths to exploit that complexity.”
Since early 2018, Intel has also been besieged by a steady stream of variants of attack classes known as Specter and Meltdown. Both attack classes take advantage of a performance boost known as speculative execution to give hackers access to passwords, encryption keys, and other data that should be off limits. While the bugs have bitten numerous chipmakers, Intel has been stung especially hard by Specter and Meltdown because many of its chips relied more on speculative execution than competitive ones.
Intel recently published this advisory, which rates the severity of the vulnerability as high. The updates arrive in a UEFI BIOS update available from OEMs or motherboard manufacturers. There is no evidence that the bug, tracked as CVE-2021-0146, was ever actively exploited in the wild, and the difficulty of doing so would deter all but the most experienced hackers from doing so.
“Users should keep systems up to date with the latest firmware and protect systems from unauthorized physical access,” Intel officials said in a statement. “Systems where the end of production was done by the OEM and where Intel Firmware Version Control (hardware anti-rollback) technology was enabled are much less at risk.”
Vulnerabilities like these will probably never be exploited in random attacks, but could, at least in theory, be used in cases where opponents with significant resources are pursuing high-value targets. In any case, install the update on all affected machines, but don’t worry if you don’t get around to it for a week or two.