iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Dolby Access

Dolby Access

Take advantage of stunning sound quality and realism in your multimedia experiences, with sound that surrounds you with the help of this app that gives you a free trial of Dolby Atmos.

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK

IT News

Jan 24
The function has proved popular with users since last year's big overhaul of Jira.
Jan 24
The six high-risk vulnerabilities result from hard-coded or no credentials in remote access software and the use of outdated applications.
Jan 24
The warning about Cisco Firepower management software is rated critical among 26 other less urgent security advisories it issued.
Jan 24
VMware said the Nyansa technology will be targeted at boosting monitoring and troubleshooting for LAN/WAN deployments within its SD-WAN package -- VMware SD-WAN by VeloCloud.
Jan 23
When enterprises embraced digital transformation, some found their existing networks had a limited ability to address cloud connectivity or access for mobile users.
Jan 23
The Firefox browser maker had more trouble creating revenue-generating products in 2019 than it expected, leading to the job cuts. Mozilla has set aside $43 million to pay for building new products.
Jan 22
Continued Russian interference, insecure paperless voting processes will sow doubt about the next election despite some security improvements.

Categories

Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves

An undocumented feature in Intel CPUs allows attackers to manipulate the voltage of Intel CPUs to trigger computational faults in a controlled manner. This can be used to defeat the security guarantees of the Intel SGX trusted execution environment, which is meant to protect cryptographic secrets and to isolate sensitive code execution in memory.

The Intel Software Guard Extensions (SGX) is a technology present in modern Intel CPUs that allow users to set up so-called enclaves where the CPU encrypts part of the memory and doesn't allow any programs except those running inside the enclave to access it.

Like most trusted execution environments, Intel SGX is a solution designed to protect data while in use in a program's memory even if attackers gain privileged access to the operating system, or the hypervisor in the case of virtualized environments. It is particularly useful for protecting cryptographic operations and keys on public cloud infrastructure. For example, it's one of the core components powering Microsoft Azure's Confidential Computing offerings.

A team of academic researchers from the University of Birmingham in the UK, Graz University of Technology in Austria and KU Leuven in Belgium, developed a new fault injection attack dubbed Plundervolt that can compromise Intel SGX secrets, as well as potentially to trigger memory safety errors in programs that don't have such bugs in their code.

Fault injection via CPU voltage scaling

Fault injection attacks are not new. They involve manipulating the normal operating conditions of a system to discover unexpected errors. In the field of cryptanalysis, such attacks have been used as a side channel to infer information about the internal state of cryptographic systems and to recover cryptographic keys by manipulating the CPU's supply voltage, internal clock and other environmental conditions. The technique is known as differential fault analysis.

Plundervolt is similar in that regard, but instead of using physical manipulation, it exploits a dynamic voltage scaling feature that Intel CPUs already have and that can be triggered from software through a special Model Specific Register (MSR). This undocumented software interface is present because modern CPUs automatically adjust their operating frequency, and therefore supply voltage, depending on workload to limit power consumption and heating.

"Using this interface to very briefly decrease the CPU voltage during a computation in a victim SGX enclave, we show that a privileged adversary is able to inject faults into protected enclave computations," the researchers wrote in their paper, which was shared with CSO. "Crucially, since the faults happen within the processor package, i.e., before the results are committed to memory, Intel SGX's memory integrity protection fails to defend against our attacks. To the best of our knowledge, we are the first to practically showcase an attack that directly breaches SGX's integrity guarantees."

Plundervolt affects all SGX-enabled Intel Core processors starting with the Skylake generation. Previous generations of Intel Core processors also have the undervoltage interface, but it does not pose a threat outside of the SGX context.

Remote attacks

To access the voltage scaling MSR, attackers need root privilege on the operating system. However, SGX was built specifically to guarantee the confidentiality and integrity of enclave code execution and memory even in the case of such compromises. Since physical access is not required to manipulate the voltage, the attacks can be executed remotely if the attacker gains privileged code execution on a system.

"Software-based fault attacks shift the threat model from a local attacker (with physical access to the target device) to a potentially remote attacker with only local code execution," the researchers said. "Initially, these attacks were interesting in scenarios where the attacker is unprivileged or even sandboxed. However, with secure execution technologies, such as Intel SGX, ARM TrustZone and AMD SEV, privileged attackers must also be considered as they are part of the corresponding threat models."

The researchers demonstrated that they can use this attack to extract full keys from Intel's RSA-CRT and AES-NI -- hardware-accelerated AES -- implementations when running in SGX enclaves. Moreover, this was achieved in a couple minutes with negligible computational effort.

Memory safety errors

The extraction of cryptographic keys from Intel SGX has been achieved before, for example through the Foreshadow CPU side-channel vulnerability. However, Plundervolt can also be used to violate the memory integrity guarantees of the SGX enclaves by artificially introducing memory safety vulnerabilities into seemingly bug-free code. In other words, even if developers do everything right and ensure their code does not have any vulnerabilities, attackers can use this technique to inject such errors in the code while it's being executed inside an enclave.

"To the best of our knowledge, we are the first to explore the memory safety implications of faulty multiplications in compiler-generated code," the researchers said. "Compared to prior work that demonstrated frequency scaling fault injection attacks against ARM TrustZone cryptographic implementations, we show that undervolting is not exclusively a concern for cryptographic algorithms."

Mitigation and response

The researchers proposed several possible countermeasures in their paper, both at the hardware and microcode level and the software level through the use of fault-resistant cryptographic primitives, as well as application and compiler hardening. However, many of them have various downsides, including a potential performance impact.

The vulnerability was first reported to Intel in June, but it was also independently discovered by other teams of academic researchers who reported it in August. The company rates the issue as high severity -- 7.9 on the CVSS scale -- and tracks it as CVE-2019-11157. It has worked with partners to release BIOS updates to address it.

According to the researchers, Intel's patch consists of disabling access to the particular voltage scaling interface -- MSR -- identified in the paper. However, they note that additional avenues for fault injection might exist through other power or clock management features that have yet to be identified.

"All of the issues publicly announced today have been addressed with the latest versions of Intel's microcode, which is available either through a Red Hat Security Advisory (RHSA) that was released today or directly from Intel," Christopher Robinson, program manager for product security assurance at Red Hat tells CSO. "Red Hat does not currently implement SGX, so our customers are not impacted by any of the SGX-related attacks. Like any vulnerability, Red Hat Product Security advises system administrators to evaluate the particular risks and exposures within their own environments, and they are strongly encouraged to deploy the latest security updates to correct known vulnerabilities as soon as possible."

Microsoft did not immediately respond to a request for comment.

This story, "Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves" was originally published by CSO.