Plundervolt Attack Let Hackers Access the Sensitive Data Stored Inside Secure Area of Intel CPUs

Plundervolt Attack is a new Intel CPU based attack that can break the security mechanism of Intel CPUs by abusing privileged dynamic voltage scaling interfaces.

Security researchers at the University of Birmingham identified a new attack dubbed Plundervolt targeting Intel Software Guard Extensions (Intel SGX). Intel SGX is a set of instructions that enhances the application code and data.

The vulnerability was disclosed to Intel on 7, 2019 and it can be tracked as CVE-2019-11157. It affects all the Intel Core processors starting from Skylake. The vulnerability was addressed by Intel on the Tuesday patch of December.

How the Plundervolt Attack Works

Modern processors to perform function faster than before, on the other hand, it requires a lot of power and increases the heat. To manage the power and heat chip providers allow frequency and voltage to be adjusted through software interfaces.

With the Plundervolt researchers shows that “software interfaces can be exploited to undermine the system’s security.” They able to “corrupt the integrity of the Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations.”

This attack can even bypass the Intel SGX’s memory encryption/authentication technology that used to protect the data in the enclaves.

Plundervolt Attack assumes that attackers already having complete control over the software that running outside of the enclave including the operating system and BIOS.

A remote attacker can execute the attack and no physical access is required as the undervolting (the process used to control computer processors and components dynamically on runtime) interface is accessible from the software.

The first step of the attack is the fault injection into SGX enclaves, researchers analyzed several x86 assembly instructions and they found multiplications can be faulted.

Researchers observed that the required undervolting to reach a faulty state depends (as expected) on the CPU temperature.

Next to that, the feasibility of fault injection is investigated, researchers able to researchers able to apply their “undervolting techniques to inject faults in Intel SGX’s hardware-level key derivation instructions.”

In addition to memory consumption, the paper published by researchers also shows that Plundervolt can also cause memory safety misbehavior in certain situations.

Mitigations

If you are not using SGX, then nothing to worry about this, if you are using it Intel has provided a microcode update along with the BIOS update.

Intel released an advisory INTEL-SA-00289, “we worked on with multiple academic researchers that affect client systems, and some Xeon E based platforms. We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates