
Latest news with #CVE-2017-5705

New Exploitation Method Discovered for Intel Vulnerabilities

TECHx

04-04-2025

PT SWARM expert Mark Ermolov has uncovered a new exploitation vector for several previously patched Intel vulnerabilities, including CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, and CVE-2021-0146. While these flaws were once thought to enable only partial compromises, Ermolov's discovery can now lead to a complete breach of affected platforms.

The vulnerabilities affect Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh families. Although production of these chips has ended, they are still used in embedded systems such as automotive electronics, e-readers, and mini-PCs. Intel was notified under responsible disclosure, but the company has not taken steps to address or mitigate the threat.

The new method leverages supply chain attacks, allowing attackers to embed spyware at the assembly or repair stage without any physical modification. Local access is enough to retrieve the encryption key and inject malicious code into the Intel CSME firmware. As a result, traditional defenses such as Intel Boot Guard, virtualization-based security (VBS), and antivirus software often fail to detect these implants. Once in place, the malware can go undetected, enabling attackers to steal data, lock devices, or erase files, and to carry out other destructive actions on the affected platforms.

Another significant risk is the ability to bypass DRM protections, providing unauthorized access to streaming content. The exploit can also bypass protections on Amazon e-readers, allowing attackers to copy data stored on vulnerable Intel Atom devices. Encrypted hard drives and SSDs could be targeted as well, allowing attackers to extract sensitive data from laptops or tablets built with at-risk processors.

In 2021, Positive Technologies worked with Intel to reduce the risk from CVE-2021-0146, which allowed the extraction of a crucial platform chipset key. This key is critical to Intel CSME security, as it underpins data encryption and integrity. Ermolov's new method bypasses the key's encryption layer, putting it at risk of malicious use.

Intel remains a major player in IoT chip solutions, and the affected Atom E3900 processors are widely used in automotive devices. To protect against such threats, organizations are advised to use continuous vulnerability management tools such as MaxPatrol VM and detection platforms such as MaxPatrol SIEM to track post-exploitation activity.

Positive Technologies researcher discovers a new exploitation vector for previously known vulnerabilities in Intel processors

Zawya

03-04-2025

Dubai, UAE: PT SWARM expert Mark Ermolov discovered a new exploitation vector for the vulnerabilities CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, and CVE-2021-0146, which Intel has already fixed. Previously, these issues only enabled partial compromise, but this new method can lead to a complete security breach of affected platforms.

The newly discovered approach can be applied to attacks on devices equipped with Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh series. Production of these chips has ended, yet they remain in embedded systems, such as automotive electronics, and in ultra-mobile devices, including e-readers and mini-PCs. Intel was notified in accordance with the responsible disclosure policy but rejected the described problem and refused to take measures to eliminate or reduce the threat level.

The main exploitation vector involves supply chain attacks [1]. Attackers can embed spyware at the assembly or repair stage without altering the hardware. "This approach requires no soldering or any other physical modification," said Ermolov. "Local access is enough to retrieve the encryption key and inject malicious code into Intel CSME firmware. These implants often slip under the radar of Intel Boot Guard, virtualization-based security (VBS), and antivirus solutions. They can operate unnoticed, capture user data, lock devices, erase or encrypt files, and carry out other destructive actions."

A secondary risk involves exploiting these formerly patched flaws to bypass DRM [2] safeguards, which can grant unauthorized access to content from various streaming services. The newly identified method also circumvents some Amazon e-reader protections, allowing threat actors to copy data on devices powered by vulnerable Intel Atom processors. Attackers can also use these tactics to access data on encrypted storage devices like hard drives or SSDs. This approach can target laptops or tablets built on the at-risk processors.

In 2021, Positive Technologies worked with Intel to reduce the danger posed by CVE-2021-0146, which allowed extraction of the platform chipset key. That key is one of the Intel CSME subsystem's most closely guarded secrets because it underpins the root of trust and generates every working key for data encryption and code integrity. The new exploitation method decrypts the chipset key by bypassing its fuse encryption layer, opening the door to malicious

Intelligence ranks Intel as a leading chip supplier for IoT solutions. Its Atom E3900 processors, which are affected by the vulnerabilities, appear in devices used by dozens of automotive manufacturers.

Organizations looking to maintain ongoing oversight of vulnerabilities can rely on MaxPatrol VM for continuous management. Should a breach occur, platforms like MaxPatrol SIEM can assist in spotting post-exploitation indicators and tracking further actions by attackers.

About Positive Technologies

Positive Technologies is an industry leader in results-oriented cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia to have gone public on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting. Follow us in the News section at

[1] Attacks on service providers, through third-party companies.
[2] Digital rights management — technical means of copyright protection.
