Intel Announces a Vulnerability in Its Chips

The global pandemic triggered a global semiconductor shortage that experts believe will extend into 2022 and probably the year after. The shortage has highlighted the importance of semiconductors and the processors they enable. In a recent earnings call, Intel chief executive Pat Gelsinger affirmed the expert consensus, stating that he believes that the shortage of central processing units (CPUs) and graphics processing units (GPUs). Given the critical importance of processors to the economy and the modern world, in an era when software continues to eat the world and artificial intelligence, big data, cloud computing and other innovations have driven up demand for processors, companies are desperate for a reliable supply of quality parts. It will not have pleased Intel to discover, and reveal to the public, that it had found a vulnerability in some of its processors that allows hackers to bypass its encryption, access data and install malicious firmware. Digital Trends discusses this revelation, noting that the vulnerability largely affects older processors, such as Atom, Celeron and Pentium, which are based on the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms.

Intel advised users to install its latest firmware update to close the vulnerability. One aspect of the vulnerability that rather limits its reach is that it can only be exploited by someone who has physical control of the chip; it cannot be exploited remotely over a network.

Hackers who have physical control of the chip can run it in the debugging and testing modes that are ordinarily used only by firmware developers. This lets them get round Intel's security features, such as TPM protection, BitLocker and anti-copying blocks. Once in developer mode, the attacker can extract the processor's data encryption key, typically stored in the Intel CPU's Trusted Platform Module (TPM) enclave. The TPM is a microcontroller used to store keys, passwords, digital certificates and other sensitive data. So, for instance, if the BitLocker key is stored in the TPM, a hacker can breach BitLocker protection.
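The practical consequence of the paragraph above is that a disk whose BitLocker key is released by the TPM alone is only as safe as the TPM's key material. The following PowerShell script is an added example, not code from the article or from Intel; it assumes a Windows machine with the BitLocker PowerShell module, run from an elevated session. It prints the CPU model and installed firmware version (so the machine can be matched against the vendor's list of affected platforms) and flags every BitLocker volume that relies on a TPM-only protector rather than a TPM protector combined with a PIN or startup key.

```powershell
# Added example, not from the article: report BitLocker volumes whose key is
# released by the TPM alone, the configuration the article describes as
# exposed once the key can be pulled out of the TPM with physical access.
# Assumes Windows with the BitLocker PowerShell module, run elevated.

# Platform summary so the report can be matched against the vendor's list
# of affected processors and the firmware version currently installed.
$cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$bios = Get-CimInstance -ClassName Win32_BIOS
Write-Host "CPU:      $($cpu.Name)"
Write-Host "Firmware: $($bios.Manufacturer) $($bios.SMBIOSBIOSVersion) released $($bios.ReleaseDate)"

# Protector types that require something beyond the TPM at boot.
$tpmPlusSecret = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

$report = foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $usesTpm        = $types -contains 'Tpm'
    $hasExtraFactor = [bool]($types | Where-Object { $tpmPlusSecret -contains $_ })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($types -join ', ')
        TpmOnly          = $usesTpm -and -not $hasExtraFactor
    }
}
$report | Format-Table -AutoSize

# Volumes flagged TpmOnly are candidates for a TPM+PIN protector
# (Add-BitLockerKeyProtector -TpmAndPinProtector), so that a key pulled
# from the TPM is not on its own enough to unlock the disk.
$report | Where-Object TpmOnly | ForEach-Object {
    Write-Warning "$($_.MountPoint) relies on the TPM alone to release its key"
}
```

The script only reports the protector configuration; it does not tell you whether the vendor's firmware fix is installed, since the article does not identify the fixed firmware version. Compare the printed firmware version against the advisory for your platform.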

It would also be possible to get past the Intel Management Engine, which would give a hacker the ability to run unauthorized firmware on compromised chips. This may even grant the hacker permanent control of the chip, control that could go undetected for a long period of time.

This revelation could not have come at a worse time for Intel. The company has struggled for years to fight off the Taiwan Semiconductor Manufacturing Company (TSMC), which has become the dominant chip maker in the world and the preferred supplier of virtually every firm that wants the most advanced semiconductors available. Intel has tried to pivot and reach the same level of technological development as TSMC, and has found the path challenging. Although this revelation does not concern Intel's more recent processors or its attempts to develop the next generation of chips, it does call into question Intel's ability to be a market leader.