Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened
A vulnerability has reportedly been discovered in Intel’s Software Guard eXtensions (SGX) allowing passwords, encrypted keys, and other sensitive data to be siphoned from a computer’s memory. Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened
On March 10, computer researcher Daniel Gruss uploaded a video to YouTube describing how the proof-of-concept attack, dubbed a “Load Value Injection [LVI],” can be used to steal sensitive data from Intel SGXs — including encrypted keys for cryptocurrency exchanges and wallets.
The attack is significant as SGX processors are designed to provide secure storage sensitive stored within a computer’s memory, even when in the presence of a malicious operating system.
LVI Discloses Cryptocurrency Keys From Intel SGX
The LVI works by getting a vulnerable system to run a script that could be hosted on a malicious website or application to launch a side-channel attack targeting the SGX. Once compromised, the attacker can access encrypted keys stored within the SGX. Gruss states:
“In a meltdown-type attack, the attacker deliberately tries to load secret data — causing the processor to cancel and reissue the load. The canceled load keeps on running for a short time — long enough for an attacker to perform operations on the secret data.”
LVI attacks were first discovered by Jo Van Bulk during April 2019. He published an academic paper detailing the attack on March 10, which included contributions from Daniel Gruss and eight other researchers.
Attacks Are Not Expected To Target Consumer Computers
The paper describes LVI attacks as a reverse Meltdown attack, with the researchers noting that while LVI primarily targets Intel CPUs, other chips that are vulnerable to Meltdown are also susceptible to it.
However, the researchers conclude that it is unlikely that LVI attacks will be used to exploit consumer machines, citing the extreme difficulty of carrying out LVI, and the prevalence of easier means with which to compromise consumer-grade computer systems.
The attack must also be carried out at the time that the malicious code is executed, further reducing the likelihood that the LVI exploit will be used to target consumer machines.
Intel Publishes List Of Vulnerable Processors
In response to the paper, Intel has published a list compiling all of its processors that are vulnerable to LVI, noting that all Intel chips with hardware fixed for Meltdown are not at risk. Intel stated:
“Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted.”
Plundering Of Crypto Keys From Ultrasecure SGX Sends Intel Scrambling Again
Intel’s speculative execution flaws go deeper and are harder to fix than we thought.
For the past two years, modern CPUs—particularly those made by Intel—have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.
Abbreviated as SGX, the protection is designed to provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data even when the operating system or a virtual machine running on top is badly and maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.
Key to the security and authenticity assurances of SGX is its creation of what are called enclaves, or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.
Raiding Fort Knox
Tuesday’s attacks aren’t the first to defeat SGX. In 2018, a different team of researchers broke into the fortified Intel region after building on an attack known as Meltdown, which, along with a similar attack known as Spectre, ushered in the flurry of processor exploits. A different team of researchers broke SGX earlier this year.
Intel mitigated the earlier SGX vulnerability by introducing microcode updates. However, these mitigations did not last, as two new attacks have sent Intel scrambling anew to devise new defenses. Intel released the new updates on Tuesday and expects them to be available to end users in the coming weeks. Depending on the computer, the fix will either be installed automatically or will require manual intervention. Users, particularly those who rely on the SGX, should check with the manufacturer of their machine and ensure that the update is installed as soon as practical.
The new SGX attacks are known as SGAxe and CrossTalk. Both break into the fortified CPU region using separate side-channel attacks, a class of hack that infers sensitive data by measuring timing differences, power consumption, electromagnetic radiation, sound, or other information from the systems that store it.
The assumptions for both attacks are roughly the same. An attacker has already broken the security of the target machine through a software exploit or a malicious virtual machine that compromises the integrity of the system. While that’s a tall bar, it’s precisely the scenario that SGX is supposed to defend against.
Stealing attacker-chosen secrets
SGAxe is able to steal large chunks of SGX-protected data of an attacker’s choice. One class of sensitive data is that belonging to the target user—for instance, wallet addresses or other secrets used in financial transactions involving blockchains. The picture on the left immediately below this paragraph shows an image file that was stored in a secure enclave. The one on the right shows the same image after it was extracted using SGAxe.
The attack can just as easily steal cryptographic keys that SGX uses for “attestation,” or the process of proving to a remote server that the hardware is a genuine Intel processor and not a malicious simulation of one. A remote server can require connecting devices to provide these attestation keys before it will carry out financial transactions, play protected videos, or perform other restricted functions. In a paper titled SGAxe: How SGX Fails in Practice, researchers from the University of Michigan and the University of Adelaide in Australia wrote:
With the machine’s production attestation keys compromised, any secrets provided by [the] server are immediately readable by the client’s untrusted host application while all outputs allegedly produced by enclaves running on the client cannot be trusted for correctness. This effectively renders SGX-based DRM applications useless, as any provisioned secret can be trivially recovered. Finally, our ability to fully pass remote attestation also precludes the ability to trust any SGX-based secure remote computation protocols.