The Intel chip flaw has the potential to affect cars and embedded systems, researchers have found.
The issue in question, CVE-2021-0146 allows testing or debugging modes on multiple processors, whereby an unauthorized person could utilize physical access to gain enhanced privileges. This particular bug was found in Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. These platforms are used in embedded systems and mobile devices. The problem also affects IoT systems, like home appliances and smart home systems.
Intel is widely-known and towards the top of the IoT chip market. Some of its IoT processors are used by car manufacturers, including (according to unofficial sources), Tesla’s Model 3.
The flaw received a score of 7.1 on the CVSS 3.1 scale, and was identified by individuals from Positive Technologies and another independent researcher.
The debugging function has excessive privileges, and a lack of protection. Because of the vulnerability, an attacker is capable of extracting encryption keys from lost or stolen laptops. The bug can also be exploited via targeted supply chain attacks.
Manufacturers need to be more aware of security provisions in these functionalities in order to prevent the bypassing of built-in protection. If you need to fix the vulnerability in one of your devices, install the UEFI BIOS updates that have been published by the relevant electronic manufacturers.
Who’s Got Your Data?
Need an estimate? Request a quote below!