A joint group of researchers from the University of Birmingham (UK), KU Leuven (Belgium) and Graz University of Technology (Austria) has disclosed details of the Plundervolt attack (CVE-2019-11157), which affects Intel processors and compromises data integrity inside Intel SGX enclaves. A PoC exploit has already been posted on GitHub.
Let me remind you that with the release of the Skylake architecture, Intel introduced a technology called SGX (Software Guard Extensions). SGX is a set of CPU instructions with which an application can create protected regions (enclaves) in its own address space, inside which sensitive data can be stored under strong protection. SGX enclaves are isolated both at the hardware level (SGX memory is kept separate from the rest of the memory the CPU uses) and at the software level (SGX data is encrypted). The developers themselves describe the technology as a kind of "reverse sandbox" (inverse sandbox).
Plundervolt abuses the interface through which the operating system controls the voltage and frequency of the processor; the same interface is used by gamers for overclocking. The researchers showed that by adjusting the processor's voltage and frequency they can flip bits inside SGX, causing computation errors that can be exploited later, once the data has left the secure enclave. As a result, the Plundervolt attack can be used to recover encryption keys or to introduce bugs into previously reliable software.
The Plundervolt authors explain that their work combines ideas from the previously known Rowhammer, CLKSCREW and VoltJockey attacks: it uses the CPU power management interface to change the voltage and frequency inside SGX memory cells, which causes the stored data to change. These changes do not break the security of SGX itself, but they introduce errors into SGX operations and into the data being processed. In other words, Plundervolt does not break SGX protection, it sabotages the results.
Thus, Plundervolt can be used, for example, to induce errors in the algorithms and encryption operations performed inside SGX. As a result, once the encrypted content leaves the SGX enclave it can be easily broken: the attacker can recover the encryption key that was originally used to encrypt the data.
Plundervolt can also be used to introduce errors into previously protected applications, allowing an attacker to attack them after they leave SGX.
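The mitigation side of the paragraphs above is that a faulted result must never be allowed to leave the enclave, because it is the corrupted output (a damaged ciphertext, a wrong signature) that the attacker later analyses. One generic software countermeasure is redundancy: compute the sensitive operation twice and refuse to release the result if the two runs disagree. The script below is an added example, not code from the Plundervolt researchers, Intel or any SGX SDK; it uses a constructed HMAC-SHA256 counter-mode stream as a stand-in for AES so it runs with the Python standard library only, and `TransientFault` is an assumed simulator of a single transient bit flip, not a real fault-injection interface.

```python
"""Redundancy check that stops a faulted encryption result from being released.

Added example, not the researchers' or Intel's code.  The cipher is a
constructed stand-in for AES (HMAC-SHA256 in counter mode); the fault injector
merely simulates the effect of a transient bit flip on one computation.
"""
import hashlib
import hmac


class FaultDetected(Exception):
    """Raised when redundant evaluations disagree: the output must not leave."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (constructed stand-in for AES).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call also decrypts."""
    ks = _keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


class TransientFault:
    """Simulated (assumed) fault model: corrupt one bit of the wrapped function's
    result on exactly the on_call-th invocation, then behave normally again.
    This mimics a transient glitch hitting only one of the redundant runs."""

    def __init__(self, func, on_call: int, byte_index: int, bit: int):
        self.func, self.on_call = func, on_call
        self.byte_index, self.bit = byte_index, bit
        self.calls = 0

    def __call__(self, *args) -> bytes:
        self.calls += 1
        result = bytearray(self.func(*args))
        if self.calls == self.on_call:
            result[self.byte_index] ^= 1 << self.bit
        return bytes(result)


def encrypt_checked(encrypt, key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Run the operation twice and release the result only if both runs agree.

    A transient fault that hits one run produces a mismatch and the corrupted
    ciphertext is withheld, so there is nothing for a later key-recovery step to
    work on.  Cost is one extra evaluation of the primitive."""
    first = encrypt(key, nonce, plaintext)
    second = encrypt(key, nonce, plaintext)
    if not hmac.compare_digest(first, second):
        raise FaultDetected("redundant computations disagree; result withheld")
    return first


def demo():
    """Returns (clean ciphertext, fault_was_caught, unchecked_faulty_ciphertext)."""
    key = bytes(range(16))                  # constructed test key
    nonce = b"\x00" * 8
    plaintext = b"sealed enclave payload"   # constructed sample data

    clean = encrypt_checked(stream_encrypt, key, nonce, plaintext)

    # Without the check, a faulted run leaks a ciphertext differing in one bit.
    faulty_unchecked = TransientFault(stream_encrypt, on_call=1, byte_index=3, bit=5)
    leaked = faulty_unchecked(key, nonce, plaintext)

    # With the check, the same fault is detected and nothing is released.
    faulty = TransientFault(stream_encrypt, on_call=1, byte_index=3, bit=5)
    try:
        encrypt_checked(faulty, key, nonce, plaintext)
        caught = False
    except FaultDetected:
        caught = True
    return clean, caught, leaked


if __name__ == "__main__":
    clean, caught, leaked = demo()
    print("fault caught:", caught, "| bits differing without check:",
          sum(bin(a ^ b).count("1") for a, b in zip(clean, leaked)))
```

The double evaluation here is the simplest form of the countermeasure; a real deployment would apply it (or an equivalent encrypt-then-verify step) to every cryptographic operation whose output crosses the enclave boundary, and would treat a detected mismatch as a security event rather than retrying silently.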
The researchers acknowledge that experimenting with processor voltage and frequency can cause problems, operating system crashes and even damage to the processor itself, but note that, as a rule, Plundervolt attacks are safe and should not adversely affect the system.
It is also noted that Plundervolt is much faster than other "processor" attacks such as Spectre, Meltdown, ZombieLoad, RIDL and so on, since the bit flips can be induced very quickly: extracting an AES key, for example, takes only a few minutes, including the calculations needed to derive the key from the corrupted ciphertext.
But there is good news: Plundervolt cannot be used remotely; the attack must be launched by an application that is already present on the compromised host and has root or admin rights. In addition, Plundervolt does not work from virtual environments, including virtual machines and cloud computing services, because the guest OS has only limited access to the interface that controls the processor's voltage and frequency.
Intel representatives said the following processors are vulnerable to Plundervolt attacks:
- Intel® 6th, 7th, 8th, 9th and 10th Generation Core™ Processors
- Intel® Xeon® Processor E3 v5 and v6
- Intel® Xeon® Processor E-2100 and E-2200 Families
Intel engineers were notified about Plundervolt back in June 2019, so the company had time to prepare patches. Firmware and BIOS updates have already been published on the manufacturer's website. Using these patches, administrators can disable the BIOS interface for controlling CPU voltage and frequency on systems where it is not used and only creates unnecessary risk.