Researchers from three European universities discovered a new type of attack that affects Intel CPUs, or more specifically, the data located in Intel SGX (Intel Software Guard Extensions).
Intel SGX is considered a highly-secured area but researchers were able to exploit it.
The new attack has been dubbed Plundervolt (CVE-2019-11157), and it was analyzed by Kit Murdock, David Oswald, Flavio D Garcia (The University of Birmingham), Van Bulck, Frank Piessens (imec-DistriNet, KU Leuven), and Daniel Gruss (Graz University of Technology). It impacts Intel desktop, server, and mobile CPUs.
What Is SGX?
The SGX is a set of security-related instruction codes which is built into the latest Intel CPUs. In general, the security set keeps sensitive computations safe inside the so-called enclaves, the contents of which are protected and can’t be modified from outside the enclave. Even an attacker with root privileges in the normal operating system won’t be able to access those.
The Plundervolt Attack (CVE-2019-11157) – Short Explanation
As an introduction to their research, the researchers say that user software interfaces needed to adjust frequency and voltage can be exploited:
Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through priviledged software interfaces.
In the Plundervolt attack, it becomes evident that software interfaces can be exploited. The team successfully corrupted the integrity of Intel SGX on Intel Core processors. This was done by controlling the voltage when performing exclave computations, meaning that even Intel SGX’s memory encryption/authentication technology is not enough to protect against this attack.
In other words, the researchers discovered that by fiddling with the voltage and frequency the CPU receives, it becomes possible to change bits in the SGX which leads to errors that can be exploited later once the data is not located in the secure environment.
The researchers have responsibly disclosed their findings to Intel in June. Intel has reproduced and confirmed the vulnerability. More information about Plundervolt is available in the official report.