Two new security vulnerabilities have been discovered in Intel’s CPUs that essentially let the attacker take control of the device. As per security experts, this flaw is present in all present Intel processors, with notebook and mobile chips being the most vulnerable. Unlike most side-channel vulnerabilities such as Spectre and Meltdown, these are a bit more interesting. All Intel CPUs have two undocumented instructions that allow you to modify the microcode and gain control over the processor and the, therefore, the device.
These instructions are like a fail-safe, except they work in favor of the attacker. The researchers were able to establish that all Atom-based CPUs have these two instructions, with certain hints indicating that they could be supported by all modern Intel processors.
Technically, anyone with the necessary info can use these instructions to hijack a system, with the results varying from a simple system crash (shutdown) to flashing the processor with a few bits of microcode that can be used to perform certain tasks. The most glaring part is that these instructions can be activated remotely, but require a special mode of operation. These instructions are likely meant for Intel engineers for debugging purposes, but I’d still like to know why anyone should be able to access a system that I own (engineer or not).
Fortunately, these instructions can only be run in “Red Unlock Mode” which itself is quite hard to enable. You’d need another vulnerability to enable this mode through system software, after which the hack is possible. As per experts, in older Intel systems (prior to Ice Lake), “Red Unlock Mode” can be enabled through known side-channel vulnerabilities, with the newest lineups being immune to the latter. This makes the hack quite hard to accomplish in the real world. Furthermore, only someone with extensive knowledge of the process architecture and design can carry out such an attack which is why this isn’t a well-known vulnerability.
