Plundervolt Attack Let Hackers Access the Sensitive Data Stored Inside Secure Area of Intel CPUs

Plundervolt Attack is a new Intel CPU based attack that can break the security mechanism of Intel CPUs by abusing privileged dynamic voltage scaling interfaces.

Security researchers at the University of Birmingham identified a new attack dubbed Plundervolt targeting Intel Software Guard Extensions (Intel SGX). Intel SGX is a set of instructions that enhances the application code and data.

The vulnerability was disclosed to Intel on 7, 2019 and it can be tracked as CVE-2019-11157. It affects all the Intel Core processors starting from Skylake. The vulnerability was addressed by Intel on the Tuesday patch of December.

How the Plundervolt Attack Works

Modern processors to perform function faster than before, on the other hand, it requires a lot of power and increases the heat. To manage the power and heat chip providers allow frequency and voltage to be adjusted through software interfaces.

With the Plundervolt researchers shows that “software interfaces can be exploited to undermine the system’s security.” They able to “corrupt the integrity of the Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations.”

This attack can even bypass the Intel SGX’s memory encryption/authentication technology that used to protect the data in the enclaves.

Plundervolt Attack assumes that attackers already having complete control over the software that running outside of the enclave including the operating system and BIOS.

A remote attacker can execute the attack and no physical access is required as the undervolting (the process used to control computer processors and components dynamically on runtime) interface is accessible from the software.

The first step of the attack is the fault injection into SGX enclaves, researchers analyzed several x86 assembly instructions and they found multiplications can be faulted.

Researchers observed that the required undervolting to reach a faulty state depends (as expected) on the CPU temperature.

Next to that, the feasibility of fault injection is investigated, researchers able to researchers able to apply their “undervolting techniques to inject faults in Intel SGX’s hardware-level key derivation instructions.”

In addition to memory consumption, the paper published by researchers also shows that Plundervolt can also cause memory safety misbehavior in certain situations.

Mitigations

If you are not using SGX, then nothing to worry about this, if you are using it Intel has provided a microcode update along with the BIOS update.

Intel released an advisory INTEL-SA-00289, “we worked on with multiple academic researchers that affect client systems, and some Xeon E based platforms. We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

7 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

8 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

10 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

14 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

15 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

15 hours ago