Intel CPU flaw could enable hackers to attack PCs, cars, and medical devices`
Security researchers have discovered a bug in Intel CPUs that could enable a hacker with physical access to obtain enhanced privileges on the system.
According to a report by researchers at Positive Technologies, the problem exists in the Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. These processors are used in both mobile devices and embedded systems, meaning everything from ultrabooks to Internet of Things (IoT) devices are affected.
Mark Ermolov, the security researcher at Positive Technologies who discovered the vulnerability alongside Dmitry Sklyarov (also from Positive Technologies) and Maxim Goryachy (an independent researcher), said one example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. “Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect,” he said.