Intel CPU voltage can be manipulated by attackers to steal Intel SGX enclave secrets
Researchers have discovered that undocumented features in Intel CPUs allow an attacker to manipulate the CPU's supply voltage in a controlled manner and trigger computation errors. This can be used to undermine the security guarantees of the Intel SGX Trusted Execution Environment, which is designed to keep secrets encrypted in memory and to isolate the execution of sensitive code.
Intel Software Guard Extensions (SGX) is a technology built into modern Intel CPUs. It lets a program set up a protected region (an enclave): the CPU encrypts that part of memory, and no other software can access the enclave's contents except the code running inside it. Even if an attacker gains privileged access to the operating system, or to the hypervisor in a virtualized environment, the technology helps protect the data in the program's memory. It is especially useful for protecting cryptographic operations and keys on public cloud infrastructure.
An academic research team from the University of Birmingham, Graz University of Technology in Austria, and the University of Leuven in Belgium has developed a new fault injection attack called Plundervolt, which can expose Intel SGX secrets and potentially trigger memory safety errors. By manipulating the voltage of Intel CPUs that run SGX, the researchers were able to use the Plundervolt vulnerability to extract sensitive data from enclave memory, including a full RSA key.
In response to this problem, the researchers have also proposed several countermeasures at the hardware and microcode level and at the software level, including the use of fault-resistant cryptographic primitives and application and compiler hardening. However, these still have drawbacks, including a potential performance impact.
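As an added illustration of the "fault-resistant cryptographic primitives" mentioned above (example code written for this article, not the researchers' or Intel's code), the snippet below shows a verify-before-release check for RSA-CRT signing: a single faulted CRT half is simulated with a flag, and the signature is recomputed through the public exponent and discarded if it does not verify, so a glitched result never leaves the enclave. The toy key size, the primes and the message are constructed for the demonstration only.

```python
# Added example: fault-resistant RSA-CRT signing with a verify-before-release
# check. Not code from the article; key material is constructed and toy-sized.

# Constructed toy key (both primes are prime; E is coprime to phi).
P, Q = 65537, 1000003
N = P * Q
E = 17
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                 # Q^-1 mod P (Garner's recombination)


def crt_sign(m: int, fault: bool = False) -> int:
    """Plain RSA-CRT signature of m. If `fault` is set, one bit of the
    mod-Q half is flipped to simulate a voltage-glitch computation error."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq ^= 1  # simulated single-bit fault in one CRT branch
    h = (QINV * (sp - sq)) % P
    return sq + h * Q


def fault_resistant_sign(m: int, fault: bool = False) -> int:
    """Sign, then verify the result with the public key before releasing it.
    A faulted signature is rejected instead of being handed to the caller."""
    s = crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        raise RuntimeError("signature failed self-check; possible fault injection")
    return s


def signature_is_rejected(m: int) -> bool:
    """True if a simulated fault during signing of m is caught by the check."""
    try:
        fault_resistant_sign(m, fault=True)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    MSG = 123456  # constructed sample message, already reduced mod N
    print("good signature verifies:", pow(fault_resistant_sign(MSG), E, N) == MSG)
    print("faulted signature rejected:", signature_is_rejected(MSG))
```

The check costs one extra public-key exponentiation per signature, which is the kind of performance trade-off the countermeasures discussion refers to.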
After the vulnerability was reported to Intel, the company rated the issue with a CVSS severity of 7.9 and assigned it the identifier CVE-2019-11157. A BIOS update was released in cooperation with partners to resolve the issue, and the latest version of the Intel microcode also addresses it.
Via: csoonline