Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits

Intel has developed and incorporated a circuit into its latest line of PC chips that can detect when attackers are using motherboard exploits to extract information from PC devices.

The "tunable replica circuit" on the latest Intel chips can detect attempts to glitch systems through voltage, clock, or electromagnetic techniques, Intel said during Black Hat. Attackers use these techniques to insert their own firmware and take control of the device.

"Every semiconductor ever produced is vulnerable to these attacks. The question is, how easy is it to exploit? We've just made it a lot harder to exploit because we detect these attacks," says Daniel Nemiroff, senior principal engineer at Intel.

The circuit is being implemented in Alder Lake, the 12th Gen Intel Core processors, which are used in laptops. Servers may get this technology at a later date, Nemiroff says.

The Circuit's Inner Workings

Typically, when a computer turns on, the silicon's power management controller waits for the voltage to ramp to a certain value before it starts activating components. For example, the power management controller activates the security engine, the USB controller, and other circuits when they reach their voltage values.

Under normal operations, once the microcontrollers activate, the security engine loads its firmware. In this motherboard hack, attackers attempt to trigger an error condition by lowering the voltage. The resulting glitch gives attackers the opportunity to load malicious firmware, which provides full access to information such as biometric data stored in trusted platform module circuits.

The tunable replica circuit protects systems against such attacks. Nemiroff describes the circuit as a countermeasure to prevent the hardware attack by matching the time and corresponding voltage at which circuits on a motherboard are activated. If the values don't match, the circuit detects an attack and generates an error, which will cause the chip's security layer to activate a failsafe and go through a reset.

"The only reason that could be different is because someone had slowed down the data line so much that it was an attack," Nemiroff says.

Such attacks are challenging to execute because attackers need to get access to the motherboard and attach components, such as voltage regulators, to execute the hack. The attackers will also need to know the exact time at which to mount a voltage glitch and what voltage they should drive to the pin.

"It's practical in the sense that if someone has stolen your machine from a taxi [and] brings it to their lab, they've got all the time in the world to open the laptop and then solder the right voltage generator lines to the machine itself," Nemiroff said.

That is the reason why the circuit is currently being integrated into chips used for laptops and not servers and desktops. Servers and desktops are not as portable and, thus, harder to steal, Nemiroff says.

Deploying Countermeasures

While no evidence of a motherboard exploit used in this manner exists, defenses need to be incorporated now, before attacks become widespread.

"There's no recorded exploit of an Intel PC system using these attacks, but there are various examples of other devices that have been attacked that are more interesting, like discrete TPMs and smart cards," Nemiroff says.

Glitching the security of a system isn't novel; it has existed in pay TV and smart cards for more than two decades, said Dmitry Nedospasov, who runs hardware security services provider Toothless Consulting and Advanced Security Training, which provides information security training.

Intel is adding system countermeasures to its platform controller hub, not its CPU. It's not clear to what extent the countermeasure implemented in the controller hub would be capable of protecting the system.

"The threat model is not clear and so is the reason why this mitigation is required," Nedospasov said.

As to the effectiveness of the circuit, it will be hard to verify whether it works without some kind of peer review, Nedospasov said.

"It's not clear what will and will not work in practice," Nedospasov said.

A lot of the patents on hardware countermeasures for chips were created in the 1990s and early 2000s, many of which came from pay TV.

"What this also means is that the 20-year patent periods have already expired or are expiring in the coming years. Many in the industry believe that we can expect more and more hardware countermeasures as manufacturers will no longer have to license the patents to implement these protections," Nedospasov said.

It is possible customers are putting pressure on Intel to shore up its on-chip security mechanisms, Nedospasov said.

"The bar is being raised and people are running out of software and firmware attacks, but they are going to come at us with hardware attacks. We figure this is the right time to deploy those kinds of countermeasures," Nemiroff said.