
Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened

A vulnerability has reportedly been discovered in Intel’s Software Guard eXtensions (SGX), allowing passwords, encrypted keys, and other sensitive data to be siphoned from a computer’s memory.

On March 10, computer researcher Daniel Gruss uploaded a video to YouTube describing how the proof-of-concept attack, dubbed a “Load Value Injection [LVI],” can be used to steal sensitive data from Intel SGX — including encrypted keys for cryptocurrency exchanges and wallets.

The attack is significant because SGX is designed to provide secure storage for sensitive data held within a computer’s memory, even in the presence of a malicious operating system.

LVI Discloses Cryptocurrency Keys From Intel SGX

LVI works by getting a vulnerable system to run a script, which could be hosted on a malicious website or application, that launches a side-channel attack targeting SGX. Once SGX is compromised, the attacker can access encrypted keys stored within it. Gruss states:

“In a meltdown-type attack, the attacker deliberately tries to load secret data — causing the processor to cancel and reissue the load. The canceled load keeps on running for a short time — long enough for an attacker to perform operations on the secret data.”

LVI attacks were first discovered by Jo Van Bulck in April 2019. He published an academic paper detailing the attack on March 10, which included contributions from Daniel Gruss and eight other researchers.

Attacks Are Not Expected To Target Consumer Computers

The paper describes LVI attacks as a reverse Meltdown attack, with the researchers noting that while LVI primarily targets Intel CPUs, other chips that are vulnerable to Meltdown are also susceptible to it.

However, the researchers conclude that it is unlikely that LVI attacks will be used to exploit consumer machines, citing the extreme difficulty of carrying out LVI, and the prevalence of easier means with which to compromise consumer-grade computer systems.

The attack must also be carried out at the time that the malicious code is executed, further reducing the likelihood that the LVI exploit will be used to target consumer machines.

Intel Publishes List Of Vulnerable Processors

In response to the paper, Intel has published a list of all of its processors that are vulnerable to LVI, noting that Intel chips with hardware fixes for Meltdown are not at risk. Intel stated:

“Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted.”

Updated: 6-13-2020

Plundering Of Crypto Keys From Ultrasecure SGX Sends Intel Scrambling Again

Intel’s speculative execution flaws go deeper and are harder to fix than we thought.

For the past two years, modern CPUs—particularly those made by Intel—have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtensions, by far the most sensitive region of the company’s processors.

Abbreviated as SGX, the protection is designed to provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data even when the operating system or a virtual machine running on top is badly and maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

Key to the security and authenticity assurances of SGX is its creation of what are called enclaves, or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.

Raiding Fort Knox

Tuesday’s attacks aren’t the first to defeat SGX. In 2018, a different team of researchers broke into the fortified Intel region after building on an attack known as Meltdown, which, along with a similar attack known as Spectre, ushered in the flurry of processor exploits. A different team of researchers broke SGX earlier this year.

Intel mitigated the earlier SGX vulnerability by introducing microcode updates. However, these mitigations did not last, as two new attacks have sent Intel scrambling anew to devise new defenses. Intel released the new updates on Tuesday and expects them to be available to end users in the coming weeks. Depending on the computer, the fix will either be installed automatically or will require manual intervention. Users, particularly those who rely on SGX, should check with the manufacturer of their machine and ensure that the update is installed as soon as practical.
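On Linux, one way to confirm what the kernel sees after an update is to read the status files under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not code from the article, the researchers, or Intel; it assumes a kernel recent enough to expose the `srbds` entry (the kernel's name for the issue behind CrossTalk), and the function names are hypothetical.

```python
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# Kernel entry names chosen for this example (an assumption, not from the article):
#   meltdown - the article ties LVI exposure to CPUs without the hardware Meltdown fix
#   srbds    - Special Register Buffer Data Sampling, the issue behind CrossTalk
ENTRIES = ("meltdown", "srbds")


def classify(status):
    """Map a kernel status line to a coarse state."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"   # kernel considers the CPU itself immune
    if s.startswith("Mitigation"):
        return "mitigated"      # a software or microcode workaround is active
    if s.startswith("Vulnerable"):
        return "vulnerable"     # e.g. "Vulnerable: No microcode"
    return "unknown"


def check(sysfs_dir=SYSFS_DIR, entries=ENTRIES):
    """Return {entry: (state, raw_status)} for each requested entry."""
    report = {}
    for name in entries:
        try:
            with open(os.path.join(sysfs_dir, name)) as f:
                raw = f.read().strip()
        except OSError:
            # Missing file: the kernel predates this entry and cannot report on it.
            report[name] = ("unreported", "")
            continue
        report[name] = (classify(raw), raw)
    return report


def needs_attention(report):
    """Entries that are not clearly immune or mitigated."""
    bad = ("vulnerable", "unknown", "unreported")
    return sorted(n for n, (state, _) in report.items() if state in bad)


if __name__ == "__main__":
    result = check()
    for name, (state, raw) in result.items():
        print(f"{name:10s} {state:13s} {raw}")
    print("needs attention:", needs_attention(result) or "none")
```

An `unreported` result means the running kernel is too old to report on that entry, so the kernel should be updated before the output is trusted.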

The new SGX attacks are known as SGAxe and CrossTalk. Both break into the fortified CPU region using separate side-channel attacks, a class of hack that infers sensitive data by measuring timing differences, power consumption, electromagnetic radiation, sound, or other information from the systems that store it.

The assumptions for both attacks are roughly the same. An attacker has already broken the security of the target machine through a software exploit or a malicious virtual machine that compromises the integrity of the system. While that’s a tall bar, it’s precisely the scenario that SGX is supposed to defend against.

Stealing Attacker-Chosen Secrets

SGAxe is able to steal large chunks of SGX-protected data of an attacker’s choice. One class of sensitive data is that belonging to the target user—for instance, wallet addresses or other secrets used in financial transactions involving blockchains. The picture on the left immediately below this paragraph shows an image file that was stored in a secure enclave. The one on the right shows the same image after it was extracted using SGAxe.

The attack can just as easily steal cryptographic keys that SGX uses for “attestation,” or the process of proving to a remote server that the hardware is a genuine Intel processor and not a malicious simulation of one. A remote server can require connecting devices to provide these attestation keys before it will carry out financial transactions, play protected videos, or perform other restricted functions. In a paper titled SGAxe: How SGX Fails in Practice, researchers from the University of Michigan and the University of Adelaide in Australia wrote:

“With the machine’s production attestation keys compromised, any secrets provided by [the] server are immediately readable by the client’s untrusted host application while all outputs allegedly produced by enclaves running on the client cannot be trusted for correctness. This effectively renders SGX-based DRM applications useless, as any provisioned secret can be trivially recovered. Finally, our ability to fully pass remote attestation also precludes the ability to trust any SGX-based secure remote computation protocols.”

