For example, a number of Amazon e-book models use Intel EPID-based protection for digital rights management. This vulnerability is also dangerous because it facilitates the extraction of the root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) technologies in systems for protecting digital content from illegal copying.
#SOFTRAID OVERHEAD CPU SOFTWARE#
For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect. The bug can also be exploited in targeted attacks across the supply chain. Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Mark Ermolov, one of the other researchers who discovered the vulnerability and lead specialist of OS and hardware security at Positive Technologies, wrote: This unique key is known as the "fuse encryption key" or the “chipset key fuse,” as used in the Intel graphic below:Ī blog post published Monday expands on the things hackers might use the exploit for. Cloning the master-keyĮach Intel CPU has a unique key used to generate follow-on keys for things like Intel’s TPM, Enhanced Privacy ID, and other protections that rely on the features built into Intel silicon. The entire process takes about 10 minutes. While the attack requires the attacker to have brief physical access to the vulnerable device that's precisely the scenario TPM, Bitlocker, and codesigning are designed to mitigate. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip. Once in developer mode, an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people. The vulnerability-present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms-allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers.
#SOFTRAID OVERHEAD CPU INSTALL#
Intel is fixing a vulnerability that unauthorized people with physical access can exploit to install malicious firmware on the chip to defeat a variety of measures, including protections provided by Bitlocker, trusted platform modules, anti-copying restrictions, and others.
0 kommentar(er)
