Whenever hackers carry out a widespread attack, some person or team works out how it operates and undoes it. Yet black hats keep finding new ways to sneak in. Here’s a new story of hackers exploiting Intel CPUs in a clever way.
The new attack is named PlunderVolt (CVE-2019-11157) and relies on bit flipping to attack systems. Because newer-generation CPUs can adjust the voltage and frequency they run at, the bit-flipping attack works by altering the voltage supplied to the system. If an attacker can control that, inducing errors in memory becomes easy. PlunderVolt targets SGX, Intel’s most secured component, to get at the crucial data it holds.
What’s Intel SGX?
Software Guard Extensions (SGX) is a private region in the CPU’s memory that securely stores encrypted OS code and other data. These regions are called enclaves. Their contents are heavily shielded and are not lost or altered even if the entire CPU (or network) is corrupted. But as part of the system, an enclave still needs power to function, and that is where the attackers found the loophole.
PlunderVolt attacks the integrity of SGX by altering the electric charge going into the enclave and corrupting its code even before that code is written into it. This lets the hackers read the data inside even before anything is stored there, or at least lets them in to write malicious code into SGX.
This core space is used for remote computing, secure browsing, storing encryption keys, etc. So if the enclave is secure enough to be trusted with such sensitive information, guess what happens if it’s compromised?
Yes, a data breach: hackers gain access and can exploit the entire system and even the network. And they do it in a truly new way, by altering the voltage supplied to the CPU!
Starting with the Skylake generation, all Intel systems with SGX cores are vulnerable to the PlunderVolt attack. In more detail, Intel 6th, 7th, 8th, 9th & 10th Generation Core Processors, Intel Xeon Processor E3 v5 & v6, and the Xeon Processor E-2100 & E-2200 Families are prone to this attack. For the full list of affected systems, check Intel’s security advisory INTEL-SA-00289.
Intel recommends that users visit its blog for information and install security patches as soon as they are released. The company has recently released fixes for nearly 15 problems that would affect its CPU operations, including one that addresses PlunderVolt. Intel solves PlunderVolt by locking the voltage to its default settings.
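
A triage helper for the affected-processor list above, as an added example that is not from the article or from Intel: it reads `/proc/cpuinfo`-style text and reports whether the model name falls in the families the article names and whether the kernel reports an `sgx` flag. The sample input is constructed, and the function names and the model-number-to-generation rule are assumptions of this example.

```python
import re

# Families named in the article; INTEL-SA-00289 has the authoritative list.
AFFECTED_CORE_GENS = range(6, 11)  # 6th to 10th Generation Core
XEON_PATTERNS = [
    re.compile(r"Xeon\(R\).*\bE3-\d{4}\w*\s+v[56]\b"),  # Xeon E3 v5 / v6
    re.compile(r"Xeon\(R\).*\bE-2[12]\d{2}\w*"),        # Xeon E-2100 / E-2200
]
CORE_MODEL = re.compile(r"Core\(TM\)\s+i[3579]-(\d{4,5})")

# Constructed sample, trimmed to the two fields the check reads.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
flags\t\t: fpu vme de pse tsc msr sgx aes
"""

def parse_cpuinfo(text):
    """Return (model_name, flags) from the first processor block."""
    model, flags = "", set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "model name" and not model:
            model = value.strip()
        elif key == "flags" and not flags:
            flags = set(value.split())
    return model, flags

def core_generation(model):
    """Core generation from the model number, or None if not a Core i-series name."""
    m = CORE_MODEL.search(model)
    if not m:
        return None
    digits = m.group(1)
    # Assumed naming rule: 10510U -> 10, 1065G7 -> 10, 6700K -> 6.
    return int(digits[:2]) if len(digits) == 5 or digits[0] == "1" else int(digits[0])

def triage(text):
    """Report whether the CPU is in a listed family and whether SGX is reported."""
    model, flags = parse_cpuinfo(text)
    gen = core_generation(model)
    listed = (gen is not None and gen in AFFECTED_CORE_GENS) or any(p.search(model) for p in XEON_PATTERNS)
    # Assumption: the kernel lists "sgx" in flags only when SGX is supported and enabled.
    return {"model": model, "listed_family": listed, "sgx_flag": "sgx" in flags}

if __name__ == "__main__":
    print(triage(SAMPLE_CPUINFO))
```

A match only means the CPU belongs to a family the article lists; INTEL-SA-00289 remains the authority on affected models and on the update that locks the voltage.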