Hackers Can Use Just-Fixed Intel Bugs to Install Malicious Firmware on PCs
upstart writes in with an IRC submission:
As the amount of sensitive data stored on computers has exploded over the past decade, hardware and software makers have invested increasing amounts of resources into securing devices against physical attacks in the event that they're lost, stolen, or confiscated. Earlier this week, Intel fixed a series of bugs that made it possible for attackers to install malicious firmware on millions of computers that use its CPUs.
The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevents unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer. Boot Guard protects against the possibility of someone tampering with the SPI-connected flash chip that stores the UEFI, which is a complex piece of firmware that bridges a PC's device firmware with its operating system.
[...] Intel isn't saying how it fixed a vulnerability that stems from fuse settings that can't be reset. Hudson suspects that Intel made the change using firmware that runs in the Intel Management Engine, a security and management coprocessor inside the CPU chipset that handles access to the OTP fuses, among many other things. (Earlier this week, Intel published never-before-disclosed details about the ME here.)
The two other vulnerabilities stemmed from flaws in the way CPUs fetched firmware when they were powered up. All three of the vulnerabilities were indexed under the single tracking ID CVE-2020-8705, which received a high severity rating from Intel. (Intel has an overview of all November security patches here.) Computer manufacturers began making updates available this week. Hudson's post, linked above, has a far more detailed and technical writeup.
Read more of this story at SoylentNews.