The newly discovered approach to exploitation can be applied to attacks on devices equipped with Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh series. Production of these chips has ended, yet they remain in embedded systems, such as automotive electronics, and in ultra-mobile devices, including e-readers and mini-PCs. Intel was notified in accordance with the responsible disclosure policy but rejected the described problem and refused to take measures to eliminate or reduce the threat level.

The main exploitation vector involves supply chain attacks. Attackers can embed spyware at the assembly or repair stage without altering the hardware. “This approach requires no soldering or any other physical modification,” said Ermolov. “Local access is enough to retrieve the encryption key and inject malicious code into Intel CSME firmware. These implants often slip under the radar of Intel Boot Guard, virtualization-based security (VBS), and antivirus solutions. They can operate unnoticed, capture user data, lock devices, erase or encrypt files, and carry out other destructive actions.”

A secondary risk involves exploiting these formerly patched flaws to bypass DRM safeguards, which can grant unauthorized access to content from various streaming services. The newly identified method also circumvents some Amazon e-reader protections, allowing threat actors to copy data on devices powered by vulnerable Intel Atom processors. Attackers can also use these tactics to access data on encrypted storage devices like hard drives or SSDs. This approach can target laptops or tablets built on the at-risk processors.

“As the adoption of AI-powered devices and applications continues to surge in the MMEA markets, with the total expected gains of AI in the region reaching US$320 billion by 2030, we must provide consumers with the most robust security solutions to protect their digital journeys,” said Dr. Moataz Bin Ali, Regional Vice President and Managing Director, MMEA, Trend Micro. “The value of this AI-driven era will ultimately depend on how secure it is, from the enterprise level to the individual consumer. Our partnership with Intel allows us to leverage their state-of-the-art hardware capabilities to deliver groundbreaking security features tailored for the unique needs of our regional customers.”

“We are pleased to collaborate with Trend Micro on AI solutions leveraging our next-generation Intel Core Ultra processors (code name Lunar Lake). Specifically, Trend Micro will be the first to utilize Lunar Lake’s 48 NPU Tops on their email defence feature to run scans locally, increasing user privacy and security while lowering latency,” said Carla Rodriguez, Vice President and General Manager of Client Software Ecosystem Enabling at Intel. “Intel enables a broad and open ecosystem and brings unmatched scale and channels for AI ISVs like Trend Micro. We look forward to driving their solutions to those seeking to adopt AI-capable PCs rooted in security.”

By integrating Intel’s Lunar Lake processors featuring advanced neural processing units (NPUs), Trend Micro’s AI application protection capability is designed to safeguard consumers from emerging threats targeting AI-powered software, such as model tampering and knowledge base poisoning. Additionally, Trend Micro’s NPU-powered email security solution enables local processing of email scans, delivering a faster and more privacy-centric user experience. Through these innovative security features, Trend Micro is ensuring consumers can embrace the benefits of AI technology while maintaining the highest levels of data protection.