Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/11/2019
05:20 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Intel Issues Fix for 'Plundervolt' SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.

Intel this week urged customers to apply a new firmware update that thwarts a new class of attack techniques exploiting the voltage adjustment feature in several families of its microprocessors.

Three different academic research teams separately found and reported to Intel a vulnerability in its Software Guard Extensions (SGX) security feature that could be abused by an attacker to inject malware and even steal encryption keys. SGX, which is baked into modern Intel microprocessors, places sensitive computations such as memory encryption and authentication in protected "enclaves" so attackers can't modify or access them. It allows frequency and voltage to be tuned for managing heat and power consumption of machines.

One group of researchers was able to lower the voltage on SGX-based systems - "undervolting" them - and allowing them to force an error that resulted in their recovering the AES encryption key within a few minutes.

The INTEL-SA-00289 vulnerability lies in the Intel 6th, 7th, 8th, 9th, and 10th Generation Core Processors, as well as the Xeon Processor E3 v5 and v6 and the Xeon Processor E-2100 and E-2200 lines. 

Intel's security update disables the voltage-tuning function in SGX, basically locking down voltage to the default settings. The company advises applying the patch ASAP: "We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible," said Jerry Bryant, director of communications for Intel, in blog post yesterday, pointing to a list of computer manufacturer support sites for update details.

'Plundervolt'
Researchers from the University of Birmingham's School of Computer Science, imec-DistriNet, and Graz University of Technology teamed up to study how to exploit the voltage feature in SGX in a project they dubbed "Plundervolt," which they plan to present at the IEEE Security & Privacy conference in May. They were the first to alert Intel to the vulnerability, in June 2019.

The team consists of Oswald, University of Birmingham's Kit Murdock and Flavio Garcia, imec-DistriNet's Jo Van Bulck and Frank Piessens, and Graz University's Daniel Gruss.

In August 2019, researchers from Technische Universität Darmstadt and University of California gave Intel a proof-of-concept of the vuln, and University of Maryland and Tsinghua University researchers disclosed the issue to Intel as well that month.

David Oswald, senior lecturer in Computer Security at the University of Birmingham and a member of the Plundervolt team, says the concept of "undervolting" had been known for some time, but it previously had only been executed via hardware, attaching an external power supply unit, for instance.

What's unique about Plundervolt and similar attacks is that they are mounted from software, Oswald says. "So we simply need to execute code on a target machine so it can do the undervolting" via the software interface, he says.

Even so, you need to gain administrative privileges to manipulate the voltage feature.

In a nutshell, here's how Plundervolt works: The researchers reduced the supply of voltage to the CPU in short bursts to avoid crashing the computer, which allowed them to flip a bit in some critical computations, such as AES encryption.

"You can flip a bit here and there to carry out an attack," he says. "There are tools on Github which you can use to carry out some mathematical analysis ... and then you can recover the [AES] key in minutes."

The researchers also were able to flip a bit in some computations to inject malicious code into the enclave, such as a buffer overflow exploit. 

The underlying vuln Plundervolt exploits the ability for an admin to tune the voltage.

"It looks like it was an oversight. Probably one [Intel] group developed SGX and another the power management features like undervolting," Oswald says. "You have a very complex process developed by a lot of people. And you have a very big attack surface."

The undervolting attacks come on the heels of a wave of speculative execution attack research on Intel chips, such as Spectre and Foreshadow. The latter read data from an SGX enclave's memory while Plundervolt and others alter the values in the memory.

The researchers offer video clips and details, as well as their research paper, on a Plundervolt website they established.

Oswald's team next hopes to explore other instructions it can alter in SGX and to test other hardware platforms for similar weaknesses, possibly some smartphones. They also want to investigate another way to defend against Plundervolt-style attacks rather than just shutting it off like Intel has done.

"Maybe there's a more elegant way of defending against this without simply disabling undervolting," he says. "It has a good use," such as energy savings.

Even so, most end users don't employ SGX on their machines, he notes. While it comes in many laptop processors, for example, for the most part "it's not actively used" in those environments.

Don't Panic
Oswald believes undervolting attacks obviously aren't an imminent danger, but as operating systems become more secure, attackers will migrate more to hardware hacks.

"I think the researchers now are mainly ahead of the attackers," he says. "For nation-states, [for example], it's easier to buy a classic buffer overflow or something [else] than to do hardware-based attacks."

Richard Bejtlich, principal security strategist at Corelight, says Plundervolt demonstrates how academic researchers have found a real niche in CPU hacking. While academia often gets criticized for obscure or "out-of-touch" security research, he says, this type of hardware research resonates.

"I think when they focus on this hardware-level analysis, there's a really deep computer [science]," he says. "This seems to be something they are really good at."  

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The Next Security Silicon Valley: Coming to a City Near You?"

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25660
PUBLISHED: 2020-11-23
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph...
CVE-2020-25688
PUBLISHED: 2020-11-23
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a...
CVE-2020-25696
PUBLISHED: 2020-11-23
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating sy...
CVE-2020-26229
PUBLISHED: 2020-11-23
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability...
CVE-2020-28984
PUBLISHED: 2020-11-23
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.