Plundervolt Vulnerability Breaches Intel’s CPU to Steal Data

‘Plundervolt’ attack breaches chip security with a shock to the system https://t.co/eRu13O31Nb pic.twitter.com/2taUL1EO67

— TechCrunch (@TechCrunch) December 10, 2019

A new exploitation technique, dubbed Plundervolt, can steal confidential data by causing a fundamental shock to victim processors, Tom’s Hardware reports. Plundervolt can reportedly mess with the electricity supply provided to computer chips, thus being able to steal confidential data being transferred.

Power Tweaks and Data Leaks

For a clear view of how Plundervolt works, understand this; computer chips follow specific rules concerning how they consume electricity for their operations. Rather than using power non-stop round the clock (which will drain battery power significantly), chips have been designed to use just the right amount of power that its processor needs to get a specific task done. Also, Intel, one of the world’s most popular manufacturers of microprocessors, comes with something called the Intel Software Guard Extensions (SGX). The extensions create the Secure Enclave; a special area in the processor’s memory, which handles specific tasks (such as cryptography. The data in this enclave is restricted to other processes, so in the event of a hack, this data remains inaccessible to the attackers as well. The creators of Plundervolt, however, were able to breach the enclave and steal the data hidden there. According to some researchers who commented on the vulnerability, they claim that it is possible for an attacker to control the operating system and access the “Model-Specific Registers,” the component in charge of supplying voltage to the processor. The beauty of the Plundervolt attack is in its accuracy. General voltage tweaks could cause modern chips to malfunction, but this attack uses hidden registers to cause slight changes to the voltage going into the chip, and it does so at the exact moment when the Secure Enclave is conducting an important task. By doing so, it can cause the chip to make some predictable faults, including and especially revealing important data. The attack can also be remotely conducted, provided that the hacker can gain access to the operating system.

Plundervolt Steps Into a Crowded Field

Plundervolt has the potential of growing into quite the security threat, although the complexity of the attack could deter hackers from conducting it. For now, the attack is still not on the scale of Meltdown and Spectre; two attack techniques that researchers use to circumvent protection techniques employed by chip manufacturers.

#Tech Update: RT @TheNextWeb: Intel will fix #Meltdown and #Spectre flaws in all recent chips this month https://t.co/TnNWXTwJhr #hack

— Stephanie Humphrey (@TechLifeSteph) January 10, 2018

Meltdown affects majorly Intel chips, breaking through barriers that restrict access to the most secure parts of a processor’s memory. On the other hand, Spectre has a wider field of victims, as it’s able to affect AMD, ARM, and Intel processors. Spectre tricks applications running on a processor to disclose information which will ideally be inaccessible, and while it is trickier to pull off, it’s also more difficult to scrape.

---

Images are courtesy of Twitter, Pixabay, Shutterstock.