Flaw can be exploited to gain access to encrypted files, for espionage, and to bypass copyright protection
The CVE-2021-0146 vulnerability enables testing or debugging modes on multiple Intel processor lines. This could allow an unauthorized user with physical access to obtain enhanced privileges on the system.
This problem has been discovered in the Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms, which are used in both mobile devices and embedded systems. The threat affects a wide range of ultra-mobile netbooks and a significant base of Intel-based Internet of Things (IoT) systems, from home appliances and smart home systems to cars and medical equipment. According to a study by Mordor Intelligence, Intel ranks fourth in the IoT chip market, while its Intel Atom E3900 series IoT processors, which also contain the CVE-2021-0146 vulnerability, are used by car manufacturers in more than 30 models, including, according to unofficial sources, in Tesla’s Model 3.
The bug, which received a score of 7.1 on the CVSS 3.1 scale, was identified by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies) and Maxim Goryachy (an independent researcher).
“One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form,” says Mark Ermolov. “Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect. This vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying. For example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management. Using this vulnerability, an intruder might extract the root EPID key from a device (e-book), and then, having compromised Intel EPID technology, download electronic materials from providers in file form, copy and distribute them.”
According to Mark Ermolov, the vulnerability is a debugging functionality with excessive privileges, which is not protected as it should be. To avoid problems in the future and prevent the possible bypassing of built-in protection, manufacturers should be more careful in their approach to security provision for debug mechanisms.
To fix the discovered vulnerability, install the UEFI BIOS updates published by the end manufacturers of the respective electronic equipment (notebooks or other devices).
MaxPatrol VM, a new-generation system in vulnerability management, will ensure continuous monitoring of vulnerabilities within the infrastructure. In the event of a successful attack, one way to detect penetration is to use SIEM-class systems (for example, MaxPatrol SIEM), which detect suspicious behavior on the server and promptly halt the advance of intruders within the corporate network.