Intel Low-power Chips Hit by New Security Flaw

News
By Ian Evenden
published

Debug mode has 'excessive privileges'

Celeron, Atom and Pentium logos
(Image credit: Intel)

A vulnerability has been revealed in Intel’s Goldmont and Goldmont Plus low-power architectures that could potentially reveal low-level security keys, according to security firm Positive Technologies (via by The Register). 

Intel logo

(Image credit: Shutterstock)

The chips in question are Apollo Lake and Gemini Lake (plus Refresh) Atom, Celeron, and Pentium products. They’re all low-power chips used in embedded systems, mobile devices, and cheap laptops. The Atom E3900 is also found in over 30 cars, including the Tesla Model 3 (if you believe a guy on Twitter).

Positive Technologies responsibly disclosed the flaw to Intel (which has put out an advisory) before going public, and it has been assigned the reference CVE-2021-0146. It requires physical access to the computer and sees the chip tricked into entering a test debugging mode that has excessively high privileges, from which root encryption keys can be extracted. “The bug can also be exploited in targeted attacks across the supply chain,” said Positive’s Mark Ermolov in a statement. “For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect.”

A UEFI BIOS update can plug the security hole, and owners of affected systems are advised to look out for an update from their device’s manufacturer.

Ian Evenden
Ian Evenden
Freelance News Writer

Ian Evenden is a UK-based news writer for Tom’s Hardware US. He’ll write about anything, but stories about Raspberry Pi and DIY robots seem to find their way to him.

See more CPUs News
3 Comments Comment from the forums
  • digitalgriffin
    These low power embedded systems are EXTREMELY Niche. I know I looked at them as a possible pfSense device. But they were fabricated on 14nm and Intel was in a supply crunch for 14nm so production was EXTREMELY limited as profits were not to be found in this super low end. UEFI updates for existing devices are extremely unlikely.
    Reply
  • Howardohyea
    digitalgriffin said:
    These low power embedded systems are EXTREMELY Niche. I know I looked at them as a possible pfSense device. But they were fabricated on 14nm and Intel was in a supply crunch for 14nm so production was EXTREMELY limited as profits were not to be found in this super low end. UEFI updates for existing devices are extremely unlikely.
    don't underestimate the number of budget laptops/embedded products. Furthermore a security update is the least Intel could do to resolve this issue, you can't let a loopehole like this go unnoticed without the general public starting to blame Intel for not doing a security patch.
    Reply
  • InvalidError
    Howardohyea said:
    don't underestimate the number of budget laptops/embedded products. Furthermore a security update is the least Intel could do to resolve this issue, you can't let a loopehole like this go unnoticed without the general public starting to blame Intel for not doing a security patch.
    Any "exploit" that requires physical access is of low to no consequence to most people as whatever device the CPU was in is likely already stolen at that point and unless you were running FDE on all media that may have been with it, all of your unencrypted data is fair game.
    Reply