Intel SGX was meant to be the chipmaker’s answer to bulletproof security: a way of partitioning sensitive information into enclaves, using hardware-based isolation and memory encryption. Microsoft Azure uses the technique to protect data in the cloud; IBM uses it as part of its “Cloud Data Shield” and Fortanix has built its offering on SGX.
Now two teams of academics, including a professor at the UK’s University of Birmingham, say they have successfully demonstrated an attack on Intel SGX enclaves that abuses a previously undocumented software-based interface to inject faults into the CPU and extract cryptographic keys, by “undervolting” the CPU, i.e. tampering with its power supply.
Intel SGX Attacks Dubbed “Plundervolt”
Dubbed “Plundervolt”, the attack was first reported to Intel six months ago and patched this week as one of 11 security advisories pushed out by Intel late on Tuesday. (The fix consists of a microcode update and a BIOS update that disable the undervolting interface.)
It has been assigned CVE-2019-11157 and is partly similar to the CLKScrew and VoltJockey attacks, which target ARM processors and ARM TrustZone, using privileged power/clock management features to inject faults into a trusted execution environment.
The researchers say the attack is the first to bypass Intel SGX’s integrity guarantees by directly injecting faults within the processor package. They have made their proof-of-concept attack code available at: https://github.com/KitMurdock/plundervolt
The attack is complex: anyone exploiting it would first need to obtain root privileges in the OS (at which point there are already huge problems). That can, however, be achieved remotely, and, as the researchers noted, even attackers with physical access fall within SGX’s threat model (it is designed, for example, to protect against malicious cloud providers).
“When SGX is enabled on a system, a privileged user may be able to mount an attack through the control of CPU voltage settings with the potential to impact the confidentiality and integrity of software assets”, Intel said in its advisory.
The company added: “Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings.”
“We are aware of publications by various academic researchers that have come up with some interesting names for this class of issues,” it added.
Among the other security issues patched by Intel late Tuesday was a high-severity vulnerability in the Linux administrative tools for Intel network adapters that could allow escalation of privilege. Assigned CVE-2019-0159, it has a CVSS score of 8.2; mitigating it requires updating the admin tools to version 24.3 or higher.