Sunday, November 10, 2024
HomeComputer SecurityPlundervolt Attack Let Hackers Access the Sensitive Data Stored Inside Secure Area...

Plundervolt Attack Let Hackers Access the Sensitive Data Stored Inside Secure Area of Intel CPUs

Published on

Malware protection

Plundervolt Attack is a new Intel CPU based attack that can break the security mechanism of Intel CPUs by abusing privileged dynamic voltage scaling interfaces.

Security researchers at the University of Birmingham identified a new attack dubbed Plundervolt targeting Intel Software Guard Extensions (Intel SGX). Intel SGX is a set of instructions that enhances the application code and data.

The vulnerability was disclosed to Intel on 7, 2019 and it can be tracked as CVE-2019-11157. It affects all the Intel Core processors starting from Skylake. The vulnerability was addressed by Intel on the Tuesday patch of December.

- Advertisement - SIEM as a Service

How the Plundervolt Attack Works

Modern processors to perform function faster than before, on the other hand, it requires a lot of power and increases the heat. To manage the power and heat chip providers allow frequency and voltage to be adjusted through software interfaces.

With the Plundervolt researchers shows that “software interfaces can be exploited to undermine the system’s security.” They able to “corrupt the integrity of the Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations.”

This attack can even bypass the Intel SGX’s memory encryption/authentication technology that used to protect the data in the enclaves.

Plundervolt Attack assumes that attackers already having complete control over the software that running outside of the enclave including the operating system and BIOS.

A remote attacker can execute the attack and no physical access is required as the undervolting (the process used to control computer processors and components dynamically on runtime) interface is accessible from the software.

The first step of the attack is the fault injection into SGX enclaves, researchers analyzed several x86 assembly instructions and they found multiplications can be faulted.

Researchers observed that the required undervolting to reach a faulty state depends (as expected) on the CPU temperature.

Next to that, the feasibility of fault injection is investigated, researchers able to researchers able to apply their “undervolting techniques to inject faults in Intel SGX’s hardware-level key derivation instructions.”

In addition to memory consumption, the paper published by researchers also shows that Plundervolt can also cause memory safety misbehavior in certain situations.

Mitigations

If you are not using SGX, then nothing to worry about this, if you are using it Intel has provided a microcode update along with the BIOS update.

Intel released an advisory INTEL-SA-00289, “we worked on with multiple academic researchers that affect client systems, and some Xeon E based platforms. We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk

Recent analysis has revealed a concerning trend in mobile app security: Many popular apps...