Intel has another mess on its hands, as a new vulnerability has popped up that lets anyone with physical access to a computer install malicious firmware on specific Intel chips. In doing so, they can defeat protections provided by Bitlocker and others.
The affected chips are the Intel Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms. These chips are found in lower-end desktops and laptops, so if you own one of these, you’ll want to be extra watchful over your device.
As mentioned, the attacker needs to have physical access to the computer, meaning they can’t execute the malicious exploits remotely. But if someone does manage to steal your laptop, they can get around Bitlocker, trusted platform modules, anti-copying restrictions, and so on. Meaning that someone can get around the security there to protect your stuff.
According to Ars Technica, which has all the technical details of the exploit if you’re interested, the person only needs physical access to your computer for about 10 minutes, which is plenty of time if they’ve actually stolen or found your laptop.
Researcher Mark Ermolov, who is part of the team that found the vulnerability, spoke about the real risk of this exploit:
One example of a real threat is lost or stolen laptops that contain confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop.
There’s currently no evidence that the bug has been exploited in the wild yet, and as long as you have control over your laptop, you shouldn’t have anything to worry about. Thankfully, there’s an update, which Intel says “that users of affected Intel Processors update to the latest version provided by the system manufacturer that addresses these issues.”
If you have one of the processors listed on this page, you should install the UEFI BIOS update available from OEMs or motherboard manufacturers to ensure you’re protected, especially if you have lots of privileged information on your PC.