Posted on December 11, 2019 at 9:55 AM
Hackers could Steal Data from Intel SGX Enclaves by Changing Processor Voltage
According to recent findings, one undocumented feature within Intel processors might be misused by online criminals to change the voltage of the CPU. According to security researchers, this technique could allow hackers to cause computational faults and possibly bypass security, resulting in the extraction of sensitive data.
What is the problem?
The flaw lies with the Intel SGX (Software Guard Extensions), which exists in modern processors and allows users to create ‘enclaves,’ where the processor can encrypt some parts of the memory. The encrypted memory can then only be accessed by programs that have permission to run within the enclave.
The solution exists in order to increase security and protect the data, and so far, it supposedly had the ability to prevent hackers from stealing sensitive information even with access to the OS. It even has its uses in protecting keys and cryptographic operations on public cloud infrastructure.
However, according to researchers from the UK’s University of Birmingham, as well as Belgium’s KU Leuven and Austria’s Graz University of Technology, Intel SGX secrets could still get extracted. The teams created a special fault injection attack, which they named Plundervolt. The attack could result in stealing secrets or triggering of memory safety errors in various programs-
This is not exactly a new form of an attack. In fact, they were known for a long time in the field of cryptoanalysis. Plundervolt is not exactly the same as the techniques used so far, but it is quite close, with the biggest difference being the fact that it doesn’t use physical manipulation. Instead, it exploits a dynamic voltage scaling feature.
Researchers noted that their tests rendered Intel SGX’s memory integrity protection powerless against the attack. However, they also believe that they were the first to attempt this method. According to their report, the attack seems to be effective against any Intel Core CPU that has SGX enabled. In other words, the oldest generation that can be affected by the attack is Skylake, while any CPU before this generation should be perfectly safe from Plundervolt.
The new attack can be performed remotely
Another important difference between old methods of performing such an attack and the new one is that hackers needed root privilege on the operating systems before. In other words, they required physical access to the device they were trying to attack. The new method, on the other hand, can be executed remotely, and all that the hacker really needs is to gain privileged code execution on a system.
Researchers even demonstrated the attack, which only lasted a couple of minutes. Not only that, but it also required computational effort that is almost negligible.
Of course, this is not the first time that someone managed to extract the cryptographic keys from the Intel SGX. Previously, hackers could have done that by using a Foreshadow vulnerability. With Plundervolt, however, they can artificially introduce memory safety flaws into a secure, bug-free code. Essentially, even if the code is flawless, attackers can make it vulnerable by employing this technique.
Once more, researchers claim that they never heard of anyone else employing this technique, indicating that it does not exist in the wild as of yet.
As for how anyone can defend against this technique, researchers stated that there are a few potential methods. Users could protect themselves by using fault-resistant cryptographic primitives, and application and compiler hardening, These methods are not perfect, however, and they come with their own downsides.
Researchers actually discovered the flaw earlier this year, and they notified Intel in June. However, only two months later, in August, another team came up with the same technique. Meanwhile, Intel introduced a patch that can disable access to a particular voltage scaling interface which researchers identified. The solution is still not perfect, and some cracks might still be there, but all of the problems that researchers announced in their paper were addressed through the updates.
