In today’s world, computer devices and their components have in-built safeguards to protect against a litany of external attacks. This is a standard procedure. But, how do you protect your data when an attacker uses physical means to compromise the security of your computer chips.
A new exploitation technique, dubbed Plundervolt, can steal confidential data by causing a fundamental shock to victim processors, Tom’s Hardware reports. Plundervolt can reportedly mess with the electricity supply provided to computer chips, thus being able to steal confidential data being transferred.
‘Plundervolt’ attack breaches chip security with a shock to the system https://t.co/eRu13O31Nb pic.twitter.com/2taUL1EO67— TechCrunch (@TechCrunch) December 10, 2019
Power Tweaks and Data LeaksFor a clear view of how Plundervolt works, understand this; computer chips follow specific rules concerning how they consume electricity for their operations. Rather than using power non-stop round the clock (which will drain battery power significantly), chips have been designed to use just the right amount of power that its processor needs to get a specific task done. Also, Intel, one of the world’s most popular manufacturers of microprocessors, comes with something called the Intel Software Guard Extensions (SGX). The extensions create the Secure Enclave; a special area in the processor’s memory, which handles specific tasks (such as cryptography. The data in this enclave is restricted to other processes, so in the event of a hack, this data remains inaccessible to the attackers as well. The creators of Plundervolt, however, were able to breach the enclave and steal the data hidden there. According to some researchers who commented on the vulnerability, they claim that it is possible for an attacker to control the operating system and access the “Model-Specific Registers,” the component in charge of supplying voltage to the processor. The beauty of the Plundervolt attack is in its accuracy. General voltage tweaks could cause modern chips to malfunction, but this attack uses hidden registers to cause slight changes to the voltage going into the chip, and it does so at the exact moment when the Secure Enclave is conducting an important task. By doing so, it can cause the chip to make some predictable faults, including and especially revealing important data. The attack can also be remotely conducted, provided that the hacker can gain access to the operating system.
Plundervolt Steps Into a Crowded FieldPlundervolt has the potential of growing into quite the security threat, although the complexity of the attack could deter hackers from conducting it. For now, the attack is still not on the scale of Meltdown and Spectre; two attack techniques that researchers use to circumvent protection techniques employed by chip manufacturers.
Meltdown affects majorly Intel chips, breaking through barriers that restrict access to the most secure parts of a processor’s memory. On the other hand, Spectre has a wider field of victims, as it’s able to affect AMD, ARM, and Intel processors. Spectre tricks applications running on a processor to disclose information which will ideally be inaccessible, and while it is trickier to pull off, it’s also more difficult to scrape.
#Tech Update: RT @TheNextWeb: Intel will fix #Meltdown and #Spectre flaws in all recent chips this month https://t.co/TnNWXTwJhr #hack— Stephanie Humphrey (@TechLifeSteph) January 10, 2018
Images are courtesy of Twitter, Pixabay, Shutterstock.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.