Security News > 2021 > November > High-Severity Intel Processor Bug Exposes Encryption Keys
A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content.
"[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access," according to Intel's advisory, issued last week.
"According to a study by Mordor Intelligence, Intel ranks fourth in the IoT chip market, while its Intel Atom E3900 series IoT processors, which also contain the CVE-2021-0146 vulnerability, are used by car manufacturers in more than 30 models, including, according to unofficial sources, in Tesla's Model 3," PT noted in a writeup shared with Threatpost.
The vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel's Platform Trust Technology and Enhanced Privacy ID technologies, which are used to protect digital content from illegal copying, Ermolov added.
A number of Amazon e-book models use Intel EPID-based protection for digital rights management," he explained.
An employee of an Intel processor-based device supplier could extract the Intel CSME firmware key and deploy spyware that security software would not detect," he said.
News URL
https://threatpost.com/intel-processor-bug-encryption-keys/176355/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-17 | CVE-2021-0146 | Unspecified vulnerability in Intel products Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. low complexity intel | 6.8 |