Low-power Intel chips hit by new security breach


A vulnerability has been revealed in Intel’s Goldmont and Goldmont Plus low-power architectures that could potentially reveal low-level security keys, according to security firm Positive Technologies (via via The Register).

Intel logo

(Image credit: Shutterstock)

The chips in question are the Apollo Lake and Gemini Lake (plus Refresh) Atom, Celeron and Pentium products. These are all low-power chips used in embedded systems, mobile devices, and inexpensive laptops. The Atom E3900 is also present in more than 30 cars, including the Tesla Model 3 (if you believe a guy on twitter).

Positive Technologies responsibly disclosed the flaw to Intel (which posted a notice) before it went public, and it was assigned the reference CVE-2021-0146. It requires physical access to the computer and sees the chip brought into a test debug mode with excessively high privileges, from which the root encryption keys can be extracted. “The bug can also be exploited in targeted attacks throughout the supply chain,” Positive’s Mark Ermolov said in a statement. “For example, an employee of an Intel processor-based device vendor could, in theory, extract the Intel CSME firmware key and deploy spyware that security software wouldn’t detect. “

An update to the UEFI BIOS can plug the security hole, and owners of affected systems are advised to seek an update from their device manufacturer.


About Author

Comments are closed.