Press "Enter" to skip to content

CPU: ME hackers crack Intel microcode updates

Last updated on October 30, 2020

Security researchers can decrypt and examine the microcode updates for Intel CPUs. A takeover is not yet possible.

An Apollo Lake processor with Goldmont architecture (Image: DFI )

After months of reverse engineering, the security researchers at Positive Technologies have succeeded in decoding the microcode updates for certain Intel CPUs . Again, this is possible because the team managed to extract the key used for encryption. The microcode updates from Intel, with which the manufacturer also closes security gaps, can now be analyzed comparatively easily.

The team has been working for years on systematically analyzing the proprietary firmware of Intel CPUs, including the microcode. First, the team managed to gain full access to the ME . This was followed by the code execution in the actually deactivated component and various loopholes for the execution of code also over the network. Thanks to the hackers, we know that the ME is based on Minix and also includes a logic analyzer .

A few months ago, the team finally found an undocumented debugging mode that could be used to test microcode on the chips before it was released. The team was finally able to read out a ROM with the RC4 key. The investigation of the microcode updates is thus possible on all CPUs with Goldmont architecture.

Patches and gaps can be analyzed

Maxim Goryachy, who was involved in the work, told Ars Technica magazine: “At the moment it is quite difficult to assess the safety implications . However, for the first time it is possible to examine the microcode updates. Mark Ermolov, who was also involved, said: “Now researchers can see how Intel fixes one or two bugs. And that’s great” .

From this, in turn, it could be inferred how the security holes themselves work. This is particularly interesting for those errors that Intel finds itself and fixes without a large public analysis. In the long term, with the work of the researchers, it might even be possible to simply execute your own microcode on the CPUs.

Intel points out, however, that this method is not suitable for loading self-created microcode updates onto remote systems, for example for attacks, since the updates are authenticated. In addition, according to current knowledge, it would not be possible to import the changed microcode permanently. The changes would simply be lost if the computer were restarted.