- Joined
- May 6, 2019
- Messages
- 12,595
- Points
- 113
Everyone on the planet is tired of reading about Intel vulnerabilities by now, but the execution of this latest one is, at least, uniquely amusing. European scientists have reported on a new software-based fault attack affecting newer Intel CPUs (i.e., Skylake onward; some Xeon E platforms) dubbed "Plundervolt," which lets hackers steal crypto keys and induce memory errors by overvolting/undervolting a processor. The exploit breaks Intel's Software Guard Extensions (SGX), a built-in set of instructions that is supposed to prevent the disclosure or modification of application data.
…it turns out that subtle fluctuations in voltage powering the main CPU can corrupt the normal functioning inside the SGX. By subtly increasing or decreasing the current delivered to a CPU—operations known as "overvolting" and "undervolting"—a team of scientists has figured out how to induce SGX faults that leak cryptographic keys, break integrity assurances, and potentially induce memory errors that could be used in other types of attacks. While the exploit requires the execution of privileged code, it doesn't rely on physical access, raising the possibility of remote attacks.
…it turns out that subtle fluctuations in voltage powering the main CPU can corrupt the normal functioning inside the SGX. By subtly increasing or decreasing the current delivered to a CPU—operations known as "overvolting" and "undervolting"—a team of scientists has figured out how to induce SGX faults that leak cryptographic keys, break integrity assurances, and potentially induce memory errors that could be used in other types of attacks. While the exploit requires the execution of privileged code, it doesn't rely on physical access, raising the possibility of remote attacks.
