The vulnerability affects the Pentium, Celeron, and Atom processors of the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms, used in mobile devices, embedded systems, and IoT systems, such as smart home appliances, cars, and medical equipment.

The threat affects a wide range of ultra-mobile netbooks and a significant base of Intel-based Internet of Things (IoT) systems, from home appliances and smart home systems to cars and medical equipment.

 What are the vulnerability details?

The Intel website published the following vulnerability details:

CVEID: CVE-2021-0146

Description: Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Positive Technologies researchers said, in exploiting this vulnerability cybercriminals can:

• Extract the encryption key and gain access to information on a laptop
• Conduct targeted attacks across the supply chain

One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to the information within the laptop.

The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could extract the Intel CSME firmware key and deploy spyware that security software would not detect.

As acknowledged by Intel, the bug, which received a score of 7.1 on the CVSS 3.1 scale, was identified by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies), and Maxim Goryachy (an independent researcher).

Why and how did this happen?

CISO MAG reached out to Mark Ermolov, Lead Specialist of OS and Hardware Security at Positive Technologies, for his take on the incident.

According to Ermolov, errors of this kind happen because vendors often don’t consider that the debugging tools integrated into their products are a possible attack vector.

“Vendors believe that the physical access required to operate them puts such attacks ‘out of scope’ in their security models. However, the reality is that modern platforms contain, in addition to the confidential data of users, the secret data of the manufacturer itself (the so-called Assets) — when extracting these assets, the entire system can be put at risk, including the personal data of users,” said Ermolov.

Also see:

Qualcomm’s MSM Chips’ Vulnerability Affects 40% of All Mobile Phones

What should manufacturers and users do?

In an official press release Positive Technology said: “To avoid problems in the future and prevent the possible bypassing of built-in protection, manufacturers should be more careful in their approach to security provision for debug mechanisms.”

To fix the discovered vulnerability, users should install the UEFI BIOS updates published by the end manufacturers of the respective electronic equipment (notebooks or other devices).

“This is a firmware update, but unfortunately Intel does not explain which subsystem the patch affects. This could be a processor microcode update, power management controller firmware, Intel CSME firmware, or UEFI firmware. We do not know at the moment how exactly the error is fixed, but we are convinced that the error cannot be fixed at a fundamental level, since it is embedded in the hardware. It’s most likely that Intel has made a fix that simply prevents our Proof of Concept from working (which we sent to them with step-by-step explanations),” said Ermolov. 

How has Intel responded?

Intel is releasing firmware updates to mitigate this potential vulnerability. On its threat advisory page, Intel recommends that users of affected Intel processors update to the latest version provided by the system manufacturer that addresses these issues.

Meanwhile, laptop manufacturers using these Intel processors have started publishing firmware updates, and you should check the Drivers and Downloads sections on their websites.

The post Intel Processor Vulnerability Could Allow Enhanced Privileges to Unauthorized Users appeared first on CISO MAG | Cyber Security Magazine.

The solution leverages the CPU-based threat detection to find and prevent ransomware attacks. It also integrates Intel Threat Detection Technology (TDT) capabilities with the Cybereason Defense Platform to deliver ransomware intelligence for threat detection and helps enterprises enhance their security capabilities.

Key Features of the Intel and Cybereason Joint Solution

• Enables enterprise customers to go beyond signature and file-based techniques by leveraging CPU-based behavioral prevention of ransomware.
• Eliminates blind spots to expose ransomware as it avoids detection in memory or hides in virtual machines while differentiating legitimate data encryption processes for business purposes.
• Enterprises can accelerate performance-intensive machine learning security algorithms by offloading to the Intel integrated graphics controller to boost capacity to analyze more data and do more security scans.
• Enterprises can bolster the performance of their security agent processing for better user experiences.

“This collaboration with Intel to add CPU based threat detection bolsters our long history and industry-leading capabilities in detecting and eradicating ransomware. The combination of best-of-class hardware, software, and security know-how provides defenders with full-stack visibility critical to ending the era of double extortion that is currently costing organizations hundreds of millions each year,” said Lior Div, CEO and Co-Founder, Cybereason.

“Ransomware was a top security threat in 2020, software alone is not enough to protect against ongoing threats. Our new 11th Gen Core vPro mobile platform provides the industry’s first silicon enabled threat detection capability, delivering the much-needed hardware-based protection against these types of attacks. Together with Cybereason’s multi-layered protection, businesses will have full-stack visibility from CPU telemetry to help prevent ransomware from evading traditional signature-based defenses,” said Stephanie Hallford, Client Computing Group Vice President and General Manager of Business Client Platforms at Intel.

The post Cybereason Partners with Intel for Hardware-Enabled Ransomware Prevention appeared first on CISO MAG | Cyber Security Magazine.

Microsoft has introduced a new security chip, “Pluton,” to its Windows PCs. The chip-to-cloud security technology, which  has already been used in Xbox and the Azure Sphere IoT security solution, aims to incorporate hardware and software security to avert cyberattack techniques and breaches.

What’s Different with Microsoft Pluton?

For the past 10 years and more, Windows PCs have been using the Trusted Platform Module (TPM) to store encryption keys and metrics that confirm the system’s integrity. However, the data is left exposed while passing through the communication channel (which is typically a Bus interface) between the TPM and the CPU. This could be fatal if the attacker has physical access to the system.

Microsoft’s Pluton chip aims to address this issue by storing the encryption keys and other critical data within the chip/processor itself. It means that with the implementation of Pluton, the need of a communication channel will be negated by building security directly into the CPU.

Related News:

Is Samsung’s New Data Security Chip a Game Changer?

Talking about the usefulness and the difference that Pluton will bring to the fore, Microsoft explained, “Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.”

Pluton also provides the unique Secure Hardware Cryptography Key (SHACK) technology that helps ensure keys are never exposed outside of the protected hardware, even to the Pluton firmware itself, providing an unprecedented level of security for Windows customers.

– Microsoft

Microsoft Partners for Chip-to-Cloud Security Integration

Microsoft is still uncertain about the timeline of releasing the Pluton chip to its end-users. However, they have already found efficient partners in Intel, AMD, and Qualcomm Technologies, who can potentially develop and integrate these chips with their future Windows PCs in record time.

Jason Thomas, head of product security, AMD said, “AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC. We design and build our products with security in mind and bringing Microsoft’s Pluton technology to the chip level will enhance the already strong security capabilities of our processors.”

Related News:

Japan, Canada and U.K. Welcome Google’s Security Key Called “Titan”

The post With Pluton, Microsoft Brings Chip-to-Cloud Security Tech to Windows PCs appeared first on CISO MAG | Cyber Security Magazine.

In a blogpost, Ruytenberg stated that Thunderspy flaws affect Windows and Linux devices that are manufactured before 2019. Attackers, who have the right hardware tools and a few minutes with the machine can bypass defenses, access, and copy the data on targeted computers. “All the attacker needs is five minutes alone with the computer, a screwdriver, and some easily portable hardware,” Ruytenberg said.

Vulnerabilities Found:

• Inadequate firmware verification schemes
• Week device authentication scheme
• Use of unauthenticated device metadata
• Downgrade attack using backward compatibility
• Use of unauthenticated controller configurations
• SPI Flash interface deficiency
• No Thunderbolt security on Boot camp

How Is the Attack Performed?

To carry out a Thunderspy attack on a vulnerable computer, an attacker is just required to unscrew the backplate, attach a device momentarily, reprogram the firmware (to control the Thunderbolt port), and reattach the backplate. Now the reprogrammed firmware allows the hacker to change Thunderbolt port settings and open the way for any malicious device to access it. Ruytenberg stated that this method works even when the device is locked with a password, its hard disk data is encrypted, and the Thunderbolt port access is disabled.

In a proof of concept video, Ruytenberg demonstrated that he was able to unscrew the bottom panel of a Thunderbolt-equipped ThinkPad to access its Thunderbolt controller.

“Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption,” Ruytenberg said.

The researcher reported the issue to Intel authorities with a report on Thunderbolt, discussing issues related to invasive physical attacks on Thunderbolt hosts and devices. Intel clarified that it has created a Thunderbolt security system known as Kernel Direct Memory Access Protection to prevent Thunderspy attacks. “While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled,” Intel said in a post.

The post Millions of Computers Open to Thunderbolt Port Vulnerabilities appeared first on CISO MAG | Cyber Security Magazine.

Intel gave the news via a new security blog which intends to serve as a resource for security updates, bug bounty topics, and latest security research among the cybersecurity community. The blog contains a detailed list of 18 security advisories. All the affected Intel products and corresponding remedial recommendations are mentioned at the end of every advisory. In the following table, updates are ordered from highest to lowest severity rating:

(Above list of advisories is as per the original list published in Intel’s Security Blog and not an independent research of CISO MAG)

James J Goetz joins Intel’s Board of Directors

Intel also announced the onboarding of James (Jim) J. Goetz to its Board of Directors’ list. The company in a recent release stated that it is “very happy to have Goetz on the board,” who has served as a partner of Sequoia Capital since 2004. He comes in with a vast knowledge of working in technology and innovation domain and currently serves on the boards of several privately held companies including Palo Alto Networks Inc.

“Jim has a keen understanding of how technology is evolving and a strong track record helping technology companies capitalize on disruptive innovation,” said Intel Chairman Andy Bryant. “Jim has helped create and grow a number of technology companies and product lines to market-leading positions, both as an entrepreneur and as an investor. Jim’s technical insight, substantial operating experience, growth mindset, and deep private and public company board experience, all will further strengthen Intel’s board.”

The post Intel Fixes 77 Vulnerabilities in Patch Tuesday, Announces New Appointment to Top Suite appeared first on CISO MAG | Cyber Security Magazine.