Last week, Intel rolled out fixes for vulnerabilities that allowed attackers with physical access to install malicious firmware on millions of computers built around Intel CPUs.

The volume of sensitive data stored on computers has grown over the past ten years, which has prompted hardware and software vendors to invest more in protecting that data against physical attacks when a machine is lost or stolen.

Intel has now released patches for vulnerabilities in its CPUs that put exactly that data at risk.

The flaws allowed an attacker with physical access to evade a protection built into Intel's modern CPUs that blocks unauthorized firmware from running during the boot process. The feature is known as Boot Guard, and it anchors the root of trust in the silicon itself.

Establishing security trust

Protections like this are meant to make the chain of trust unimpeachable: before the CPU executes any code from flash, Boot Guard checks that the initial boot firmware carries a valid digital signature from the computer's manufacturer. The check is anchored to the hash of the manufacturer's public key, which is burned into one-time-programmable fuses in the chipset at the factory and cannot be altered afterwards.

Boot Guard therefore also defends against tampering with the SPI-connected flash chip where the UEFI firmware is stored: modified firmware fails verification and does not run. UEFI is the firmware that initializes the platform's hardware and hands control to the operating system's bootloader.

The physical attacks work by opening the machine and connecting a chip programmer such as a Dediprog directly to the SPI flash chip, then overwriting the official firmware with a malicious version to gain control of the system from beneath the operating system.
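How that chain hangs together, as an added example that is not code from the article or from Intel: a toy Python model of the Boot Guard check. It assumes (none of this is from the page) that the fuses hold a SHA-256 of the OEM public key, that the SPI flash carries the key, a signature and the initial boot block (IBB), and that the signature is textbook RSA over SHA-256 with small, deterministic toy keys; the real mechanism uses an Authenticated Code Module, a Key Manifest and a Boot Policy Manifest at production key sizes. The two attacks in demo() are the ones the article describes: reflashing only the firmware, and reflashing everything with a signature under the attacker's own key.

```python
"""Toy model of Boot Guard's verified-boot check (added example, not Intel's
code). Assumed simplifications: the chipset fuses hold SHA-256 of the OEM
public key; the SPI flash holds (public key, signature, initial boot block);
signatures are textbook RSA over SHA-256 with small deterministic keys. Real
Boot Guard uses an ACM, Key Manifest and Boot Policy Manifest at full key sizes."""
import hashlib
import math
import random

def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin; the seeded RNG keeps the example deterministic."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand, rng):
            return cand

def make_keypair(seed, bits=192):
    """Return ((n, e), (n, d)); 192-bit primes give n > 2**256 so a SHA-256
    digest fits under the modulus. Toy size only."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits, rng), _gen_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    return pow(_h(data), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _h(data)

def encode_pubkey(pub):
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")

def burn_fuses(oem_pub):
    """What the OEM programs into one-time-programmable fuses: a hash of its
    public key, so nothing secret lives on the board and nothing can be rewritten."""
    return hashlib.sha256(encode_pubkey(oem_pub)).digest()

def build_flash_image(pub, priv, ibb):
    """SPI flash contents. Key and signature travel with the initial boot
    block; a chip programmer can rewrite all three, which is why the fuses matter."""
    return {"pubkey": pub, "ibb": ibb, "sig": sign(priv, ibb)}

def boot_guard_check(fuses, flash):
    """The check performed before the CPU executes any code from flash."""
    if hashlib.sha256(encode_pubkey(flash["pubkey"])).digest() != fuses:
        return False, "public key in flash does not match fused key hash"
    if not verify(flash["pubkey"], flash["ibb"], flash["sig"]):
        return False, "initial boot block signature invalid"
    return True, "initial boot block verified, continuing boot"

def demo():
    oem_pub, oem_priv = make_keypair(seed=1)
    fuses = burn_fuses(oem_pub)  # done once at the factory
    genuine = build_flash_image(oem_pub, oem_priv, b"OEM IBB v1.0 (constructed)")
    # Attack 1: a Dediprog rewrites only the IBB region of the flash.
    patched = dict(genuine, ibb=b"malicious IBB (constructed)")
    # Attack 2: the whole flash is rewritten and re-signed with the attacker's
    # key. The signature verifies, but the key hash no longer matches the fuses.
    att_pub, att_priv = make_keypair(seed=2)
    resigned = build_flash_image(att_pub, att_priv, b"malicious IBB (constructed)")
    return {"genuine": boot_guard_check(fuses, genuine),
            "patched": boot_guard_check(fuses, patched),
            "resigned": boot_guard_check(fuses, resigned)}

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:8s} {'PASS' if ok else 'FAIL'}: {why}")
```

Running the file prints one PASS and two FAILs. The second attack is the one to take away: a programmer can rewrite the key and the signature along with the firmware, so the only thing that makes the verification meaningful is the key hash the attacker cannot rewrite. A Boot Guard bypass is any way of getting past the check without having to change that hash.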

A silent watcher

An attacker who manages to bypass Boot Guard can carry out malicious activity every time the device boots. Because the implant runs beneath the operating system, it can capture the user's password and disk-encryption keys as they are entered, giving the attacker access to all the data stored on the computer without needing to know either in advance.

The attacker can also plant a rootkit that is very hard to detect because it runs in System Management Mode (SMM), a CPU mode that the operating system and its security tools cannot see into. The NSA is reported to have similar implants.

Attacks of this kind are limited in scale because the attacker needs physical access to the machine to connect the programmer; the realistic scenarios are a lost or stolen device, a machine left unattended, or tampering while it is in transit.