This Tuesday, security researchers revealed the existence of a new flaw that could allow cybercriminals and hackers to steal sensitive digital secrets from Intel’s SGX.
Intel’s SGX (Software Guard eXtensions) acts as a digital vault for users’ private information, and it appears that this newly discovered flaw is unfixable.
A New Wave of Exploits and Hacks
CPU makers have long been fighting vulnerabilities and exploits that could lead to password theft and leaks of other sensitive data. On the surface, Load Value Injection (LVI) — the name researchers chose for the proof-of-concept attacks — works similarly to some of the previous vulnerabilities.
All of the flaws of this type seem to originate from something called ‘speculative execution’ — an optimization that allows the CPU to try to predict future instructions. The vulnerability gave rise to exploits such as Spectre and Meltdown, which were the first to become public. However, it did not end there.
How Does the New Flaw Work?
Now, this latest flaw gives rise to exploits that completely upend SGX’s confidentiality guarantee. LVI allows attackers to steal secrets from the SGX enclave, which may include passwords, encryption keys, cryptocurrency private keys, and more. Intel has published a list of affected processors.
Fortunately, chips that already have hardware fixes for exploits such as Meltdown are not vulnerable. However, researchers say that LVI is harder to mitigate than previous exploits since it can affect any access to memory. It is also noteworthy that it reverses the exploitation process of Meltdown: it turns the flow around by injecting data that poisons hidden processor buffers.
The method mostly works against Intel CPUs, but it is not limited to these chips, and ARM chips can be affected as well, even though researchers still do not know why.