New Exploitation Method Discovered for Intel Vulnerabilities

News Desk


PT SWARM expert Mark Ermolov has uncovered a new exploitation vector for several previously patched Intel vulnerabilities, including CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, and CVE-2021-0146. While these flaws were previously thought to enable only partial compromises, Ermolov’s method shows that they can lead to a complete compromise of affected platforms.

The Intel vulnerabilities impact Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh families. Although production of these chips has ended, they are still used in embedded systems like automotive electronics, e-readers, and mini-PCs.

Intel was notified about the issue under responsible disclosure, but the company has not taken steps to address or mitigate the threat.

The new method leverages supply chain attacks, allowing attackers to embed spyware at the assembly or repair stage, without needing any physical modifications. Local access is enough to retrieve the encryption key and inject malicious code into the Intel CSME firmware. As a result, traditional defenses like Intel Boot Guard, virtualization-based security (VBS), and antivirus software often fail to detect these implants.

Once in place, the malware can go undetected, enabling attackers to steal data, lock devices, or erase files. It can also carry out other destructive actions on the affected platforms.

Another significant risk is the ability to bypass DRM protections, providing unauthorized access to streaming content. The exploit can also bypass protections on Amazon e-readers, allowing attackers to copy data stored on vulnerable Intel Atom devices. In addition, encrypted hard drives and SSDs could be targeted, allowing attackers to extract sensitive data from laptops or tablets built with at-risk processors.

In 2021, Positive Technologies worked with Intel to reduce the risk from CVE-2021-0146, which allowed the extraction of a crucial platform chipset key. This key is critical for Intel CSME security, handling data encryption and integrity. Ermolov’s new method bypasses the key’s encryption layer, putting it at risk for malicious use.

Intel remains a major supplier of IoT chip solutions, and the affected Atom E3900 processors are widely used in automotive devices. To protect against such threats, organizations are advised to use continuous vulnerability management tools like MaxPatrol VM and detection platforms like MaxPatrol SIEM to track post-exploitation activity.