The security flaw affecting processors mostly used in mobile devices requires physical access and can be patched with a BIOS update.
security company Positive Technologiesreported a vulnerability in Intel’s low-power Goldmont and Goldmont Plus architectures that could potentially expose low-level security keys. Let’s note that security vulnerabilities are present in Apollo Lake and Gemini Lake-based Atom, Celeron and Pentium chips.
All of these low-power processors are used in embedded systems, mobile devices, and inexpensive laptops. Rumors have it that the Atom E3900 is in more than 30 cars, including the Tesla Model 3.
Positive Technologies reported the flaw to Intel before it was publicly released, and the vulnerability was given the reference code CVE-2021-0146. The vulnerability requires physical access to the computer. It is also said that the chip has been tricked into entering a test debug mode with extremely high privileges, where the root encryption keys can be extracted. Mark Ermolov from Positive said:
“The bug can also be used in targeted attacks throughout the supply chain. For example, an employee of an Intel processor-based device vendor could theoretically extract the Intel CSME firmware key and distribute spyware that the security software cannot detect.”
Fortunately, a UEFI BIOS update will be able to close the vulnerability. In this context, affected system owners were advised to wait for an update from the manufacturer of their device.
Source: Technopat by www.technopat.net.
*The article has been translated based on the content of Technopat by www.technopat.net. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!