After AMD listed about 50 vulnerabilities affecting its EPYC CPUs and Radeon GPUs, this time it’s Intel that’s in the news. According to sources, a vulnerability has been revealed in Intel’s Goldmont and Goldmont Plus low-power architectures. This new threat has the potential to reveal low-level security keys.
Reports suggest that the affected chips are the Apollo Lake, Gemini Lake, and Gemini Lake Refresh Atom, Celeron, and Pentium products. They’re all low-power chips used in embedded systems, mobile devices, and cheap laptops. Not to mention that Intel’s Atom E3900 is also found in over 30 cars, including the Tesla Model 3, according to some rumors.
Security firm Positive Technologies discovered this flaw in Intel’s chips before going public with the issue, and it has been assigned the reference CVE-2021-0146. The flaw requires physical access to the computer: the chip is tricked into entering a test debugging mode that has excessively high privileges. After this, it is only a matter of seconds for the root encryption keys to be extracted.
“The bug can also be exploited in targeted attacks across the supply chain,” said Positive’s Mark Ermolov in a statement. “For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect.”
A UEFI BIOS update can plug the security hole, and owners of affected systems are advised to look out for an update from their device’s manufacturer.