This Tuesday, security researchers revealed the existence of a new flaw that could allow cybercriminals and hackers to steal sensitive digital secrets from Intel’s SGX.Intel’s SGX (Software Guard eXtension) acts as a digital vault for the users’ private information, and it appears that this newly-discovered flaw is unfixable.
How Does the New Flaw Work?Now, this latest flaw gives way to exploits that upend SGX’s confidentiality guarantee completely. The LVI allows attackers to steal secrets from the SGX enclave, which may include passwords, encryption keys, cryptocurrency private keys, and more. There is an entire list of affected processors that Intel has created, and it can be viewed here. Fortunately, chips that already have hardware fixes for exploits such as Meltdown are not vulnerable. However, researchers say that this LVI is harder to mitigate than previous exploits since it can affect any access to memory. It is also noteworthy that it reverses the exploitation process of Meltdown, and it turns the flow around by injecting data that poisons hidden processor buffers. The method mostly works against Intel CPUs, but it is not limited to these chips, and ARM chips can be affected as well, even though researchers still do not know why.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.