Researchers Maxim Goryachy, Dmitry Sklyarov and Mark Ermolov did something that seemed impossible: they managed to extract the secret key of Intel CPUs for the first time, allowing them, for example, to fully see the contents of security patches and microcode updates.
The key allows you to decrypt the microcode updates that Intel provides to correct security vulnerabilities and other types of errors. Having a decrypted copy of an update can allow attackers to reverse engineer it and learn precisely how to exploit the hole the update patches.
In addition, the key can also allow third parties other than Intel (such as a hacker) to update the chips with their own microcode, although that custom version would not survive a system reboot.
“At the moment, it is quite difficult to assess the impact on safety,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors that you can run your microcode inside and analyze updates.”
This key can be extracted from any of the company’s processors. Five months ago, the trio of researchers were able to use the vulnerability to access “Red Unlock,” a service mode built into Intel chips. The company’s engineers use this mode to debug the microcode before the chips are publicly released.
In a nod to the film The Matrix, the researchers named their tool for accessing this previously undocumented debugger “Chip Red Pill,” since it allows researchers to experience the inner workings of a chip that is normally off limits. The technique works by using a USB cable or a special Intel adapter that routes the data to a vulnerable CPU.