Intel SGX is vulnerable to an unfixable flaw that can steal crypto keys and more
Just when you thought it was secure again, Intel’s digital vault falls to a new attack. …
For the past 26 months, Intel and other CPU makers have been assailed by Spectre, Meltdown, and a steady flow of follow-on vulnerabilities that make it possible for attackers to pluck passwords, encryption keys, and other sensitive data out of computer memory. On Tuesday, researchers disclosed a new flaw that steals information from Intel’s SGX, short for Software Guard eXtensions, which acts as a digital vault for securing users’ most sensitive secrets.
On the surface, Load Value Injection, as researchers have named their proof-of-concept attacks, works in ways similar to the previous vulnerabilities and accomplishes the same thing. All of these so-called transient-execution flaws stem from speculative execution, an optimization in which CPUs attempt to guess future instructions before they’re called. Meltdown and Spectre were the first transient execution exploits to become public. Attacks named ZombieLoad, RIDL, Fallout, and Foreshadow soon followed. Foreshadow also worked against Intel’s SGX.
Breaking the vault
By getting a vulnerable system to run either JavaScript stored on a malicious site or code buried in a malicious app, attackers can exploit a side channel that ultimately discloses cache contents that belong to other apps and should normally be off limits. This latest vulnerability, which like other transient-execution flaws can only be mitigated and not patched, gives way to exploits that completely upend a core confidentiality guarantee of SGX.
Load Value Injection, or LVI for short, is especially important because the exploit allows for the raiding of secrets stored in the SGX enclave, the name often used for Intel’s Software Guard eXtensions.