A serious security vulnerability in Intel processors and recommendations to update...

A serious security vulnerability in Intel processors and recommendations to update...
A serious security vulnerability in Intel processors and recommendations to update...
Researchers have discovered a vulnerability in some Intel processors that allows attackers to access encrypted data and install malicious firmware, and when misused, the vulnerability opens the door to breaching various security measures on the chip, according to a digitaltrend technical report.

Intel is already aware of this issue and has advised affected users to download the latest firmware update in order to protect their systems. The vulnerability affects older Intel processors, including Intel Pentium, Celeron, and Atom, which are based on the Gemini Lake, Gemini Lake Refresh and Apollo Lake platforms, and interestingly enough. It can only be exploited by hackers who actually own the chip – and only online access will put the processor at risk.

Because of this security flaw, capable hackers with the affected chip on hand are allowed to run it in patching and testing modules that firmware developers wouldn’t normally use and otherwise allow them to completely bypass security measures, including Bitlocker protection, TPM, anti-copy blocks, and more.

Access to developer mode allows an attacker to extract a data encryption key, which is typically stored on Intel CPUs in a TPM container. TPM stands for Trusted Platform Module, which is a microcontroller used to store keys, digital certificates, passwords, and other sensitive data. Bitlocker, using the wizard in developer mode also allows the attacker to crack the ultimate firewall.

In addition to accessing sensitive data, the hacker would also be able to compromise the Intel management engine and run unauthorized firmware on the chip, and the end result could be permanent access to the chip that is likely to be undetected for an indefinite period of time.

The whole process of getting to the processor and getting around the security measures takes only 10 minutes, which means that those with short access to the chip can cause a massive security breach in no time.

This vulnerability was first discovered and reported by researchers Mark Ermolov, Dmitry Sklyarov and Maxim Guryachi, and they reported to Intel and talked about the vulnerability, revealing more details about the potential breach, and then reported the situation to Ars Technica in more detail.

And we found out that you can extract this key from the security valves basically, and that key is encrypted, but we also found a way to decrypt it, and it allows us to execute arbitrary code inside the management engine, extract Bitlocker/TPM keys, etc.,” Gouriachi told Ars. Technica.

And this isn’t the first time that Intel products have been targeted with various hacking attempts, and in 2020, the same research team discovered a potential vulnerability that allowed attackers to decrypt several Intel updates, and there were also flaws in Intel Boot Guard and Software Guard Extensions. With the latest detected vulnerability as critical and given a high risk rating, there have been no reports of users being exposed to this security breach and Intel advises owners of affected processors to simply install the latest firmware update in order to enhance the security of their CPUs.

These were the details of the news A serious security vulnerability in Intel processors and recommendations to update... for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.

It is also worth noting that the original news has been published and is available at eg24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.

Author Information

I am Jeff King and I’m passionate about business and finance news with over 4 years in the industry starting as a writer working my way up into senior positions. I am the driving force behind Al-KhaleejToday.NET with a vision to broaden the company’s readership throughout 2016. I am an editor and reporter of “Financial” category. Address: 383 576 Gladwell Street Longview, TX 75604, USA Phone: (+1) 903-247-0907 Email: [email protected]