A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised.
Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits.
Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells.
However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory.
Plundervolt resembles more with speculative execution attacks like Foreshadow and Spectre, but while Foreshadow and Spectre attack the confidentiality of SGX enclave memory by allowing attackers to read data from the secured enclave, Plundervolt attacks the integrity of SGX to achieve the same.
To achieve this, Plundervolt depends upon a second known technique called CLKSCREW, a previously documented attack vector that exploits energy management of CPU to breach hardware security mechanisms and take control over a targeted system.
“We show that a privileged adversary is able to inject faults into protected enclave computations. Crucially, since the faults happen within the processor package, i.e., before the results are committed to memory, Intel SGX’s memory integrity protection fails to defend against our attacks,” the researchers said.
images from Hacker News