Intel Chip Flaw Plunderbolt Hits Secure Enclaves
Intel issued a patch for a major vulnerability in many of its processors that could allow attackers to change information stored on the chip’s secure enclave. The flaw, dubbed Plunderbolt by international researchers who discovered it, affects all Software Guard Extension (SGX)-enabled Intel Core processors from Skylake onward.
Intel issued a patch for a major vulnerability in many of its processors that could allow attackers to change information stored on the chip’s secure enclave. The flaw, dubbed Plunderbolt by international researchers who discovered it, affects all Software Guard Extension (SGX)-enabled Intel Core processors from Skylake onward.
Intel SGX is hardware-based technology that isolates specific application code and data to run in private regions of memory — or enclaves — thus protecting select code and data from disclosure or modification. Plunderbolt is the first known attack to bypass Intel’s SGX security and directly inject faults within the processor, the researchers say.
As chipmakers push CPUs to perform faster and better, the processors require more heat and power consumption. To accommodate this many chip manufacturers allow users to adjust frequency and voltage through a privileged software interface. With Plundervolt, however, the threat researchers showed that these software interfaces can be exploited if the voltage is unlocked.
This latest attack is essentially the opposite of Spectre, Foreshadow, and related side-channel attacks. Those Intel processor flaws allowed hackers to read data from SGX enclave memory — in other words they attack the confidentiality. Plundervolt, on the other hand, attacks the integrity of the secure enclave by changing values in SGX-protected memory.
The researchers notified Intel about the vulnerability in June and said the chipmaker “responded quickly” to fix the problem. Intel says it’s not aware of Plunderbolt being used to attack customers’ systems but recommends installing security updates as soon as possible.
“We worked with multiple researchers and our industry partners to coordinate disclosure of the issue described in INTEL-SA-00289,” an Intel spokesperson wrote in an email to SDxCentral. “Mitigations are already available across the ecosystem.”
