Security News > 2021 > November > High-Severity Intel Processor Bug Exposes Encryption Keys

High-Severity Intel Processor Bug Exposes Encryption Keys
2021-11-15 20:52

A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content.

"[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access," according to Intel's advisory, issued last week.

"According to a study by Mordor Intelligence, Intel ranks fourth in the IoT chip market, while its Intel Atom E3900 series IoT processors, which also contain the CVE-2021-0146 vulnerability, are used by car manufacturers in more than 30 models, including, according to unofficial sources, in Tesla's Model 3," PT noted in a writeup shared with Threatpost.

The vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel's Platform Trust Technology and Enhanced Privacy ID technologies, which are used to protect digital content from illegal copying, Ermolov added.

A number of Amazon e-book models use Intel EPID-based protection for digital rights management," he explained.

An employee of an Intel processor-based device supplier could extract the Intel CSME firmware key and deploy spyware that security software would not detect," he said.


News URL

https://threatpost.com/intel-processor-bug-encryption-keys/176355/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-11-17 CVE-2021-0146 Unspecified vulnerability in Intel products
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
low complexity
intel
6.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539