View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 11, 2019

Intel SGX Broken by “Plundervolt” Attack

"Various academic researchers have come up with some interesting names for this class of issues..."

By CBR Staff Writer

Intel SGX was meant to be the chipmaker’s answer to bulletproof security: a way of partitioning sensitive information into enclaves, using hardware-based isolation and memory encryption. Microsoft Azure uses the technique to protect data in the cloud; IBM uses it as part of its “Cloud Data Shield” and Fortanix has built its offering on SGX.

Now two teams of academics, including a professor at the UK’s University of Birmingham, say they have successfully demonstrated an attack on Intel SGX enclaces that abuses a previously undocumented software-based interface to attack the CPU and extract cryptographic keys, by “undervolting” the CPU, or tampering with power supply.

Intel SGX Attacks Dubbed “Plundervolt”

Dubbed “Plundervolt”, the attack was first reported to Intel six months ago and patched this week as one of 11 security advisories pushed out by Intel late on Tuesday. (This involves a microcode update and BIOS update that disables the undervolting interface.)

It has been given the CVE-2019-11157 and is partly similar to the CLKScrew and VoltJockey attacks that target ARM processors and ARM Trustzone, using privileged power/clock management feature to inject faults into a trusted execution environment.

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

The researchers say the attack is the first to bypass Intel SGX’s integrity guarantees by directly injecting faults within the processor package. They have made their proof-of-concept attack code available at:

The attack is complex: anyone exploiting it would need to obtain root privileges in the OS (at which point there are already huge problems); this can be possible remotely however, and as the researchers noted, even attackers with physical access would also be in the threat model of SGX (e.g. to protect against malicious cloud providers).

Read this: Intel Turns to Foundries to Fix CPU Shipment Delays, as OEMs Fume

“When SGX is enabled on a system, a privileged user may be able to mount an attack through the control of CPU voltage settings with the potential to impact the confidentiality and integrity of software assets”, Intel said in its advisory.

The company added: “Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings.

“We are aware of publications by various academic researchers that have come up with some interesting names for this class of issues,” it added.

Pundervolt was first reported on June 7, 2019 by a group of international researchers including Kit Murdock, David Oswald, Flavio D Garcia from the UK’s University of Birmingham, Jo Van Bulck, Frank Piessens from the Netherlands’imec-DistriNet, KU Leuven and Graz University of Technology)

Among the other security issues issues patched by Intel late Tuesday was a high severity vulnerability in the Linux administrative tools for Intel network adapters that could allow escalation of privilege. Given the CVE-2019-0159, it has a CVSS score of 8.2 and requires updates to version 24.3 or higher of the admin tools to mitigate.

Read this: IBM Cloud Bare Metal Pwned, Re-Released into Hardware Pool



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.