
New Plundervolt attack impacts Intel CPUs


sman


New Plundervolt attack impacts Intel CPUs

Intel desktop, server, and mobile CPUs are impacted. Intel has released firmware patches today.

Source: https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/

Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency -- the same interface that allows gamers to overclock their CPUs.

Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software.

Intel desktop, server, and mobile CPUs are impacted. A full list of vulnerable CPUs is available at the bottom of this article.

Intel has also released microcode (CPU firmware) and BIOS updates today that address the Plundervolt attack.

Nonetheless, Plundervolt is a serious issue. The research team said it notified Intel in June, and the vendor has worked tirelessly to prepare patches.

Microcode and BIOS updates were released today as part of security advisory INTEL-SA-00289. These updates give administrators a new BIOS option to disable the voltage and frequency control interface on their systems, if they don't use it, or if they perceive Plundervolt (CVE-2019-11157) to be a real risk.

According to Intel, the following CPU series are vulnerable to Plundervolt attacks:

Intel® 6th, 7th, 8th, 9th & 10th generation Core™ processors
Intel® Xeon® Processor E3 v5 & v6
Intel® Xeon® Processor E-2100 & E-2200 families

Plundervolt is nothing that end-users should worry about. It's an attack vector that is of little interest for malware authors since it's hard to automate at scale. It is, however, an attack vector that could be weaponized in targeted attacks, against specially selected targets. Whether Plundervolt is a serious threat depends on each user's threat matrix.

A research paper describing the Plundervolt attack can be downloaded from this website. The paper is entitled "Plundervolt: Software-based Fault Injection Attacks against Intel SGX."
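As an added defender-side check (example code, not from the article, Intel, or any poster in this thread): a small POSIX shell script that classifies a CPU's "model name" string against the families the advisory above lists and, on Linux, reports the microcode revision and the sgx flag the kernel shows, so an administrator can decide whether the INTEL-SA-00289 BIOS update and its option to disable the voltage/frequency interface apply to a host. The function names, the string-parsing rules, and the sample model names are assumptions or constructed; matching on the marketing name is a heuristic and says nothing about whether a given machine's microcode or BIOS is already patched.

```shell
#!/bin/sh
# Added example (not from the article or the forum posts): classify a CPU
# "model name" string against the CPU families the article lists for
# INTEL-SA-00289. Heuristic string matching on the marketing name only.

# Extract the Core generation from a marketing name such as
# "Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz". Prints the generation,
# or nothing (and returns 1) if the string is not a Core iN part.
core_generation() {
    num=$(printf '%s' "$1" | sed -n 's/.*Core(TM) i[3579]-\([0-9][0-9]*\).*/\1/p')
    [ -n "$num" ] || return 1
    case "$num" in
        1[0-9][0-9][0-9][0-9]*) printf '%s\n' "$num" | cut -c1-2 ;;  # 5-digit: i9-10900K -> 10
        10[0-9][0-9])           echo 10 ;;                           # 4-digit 10xx mobile: i7-1065G7 -> 10
        *)                      printf '%s\n' "$num" | cut -c1 ;;    # older 4-digit: i7-8700K -> 8
    esac
}

# Return 0 and print the matching family when the model name falls in one of
# the families the advisory lists; return 1 otherwise. "Not listed" here only
# means "not in the article's table", nothing more.
plundervolt_listed_family() {
    name=$1
    if gen=$(core_generation "$name"); then
        case "$gen" in
            6|7|8|9|10) echo "Core ${gen}th gen"; return 0 ;;
        esac
    fi
    case "$name" in
        *Xeon*E3-1[0-9][0-9][0-9]*v5*|*Xeon*E3-1[0-9][0-9][0-9]*v6*)
            echo "Xeon E3 v5/v6"; return 0 ;;
        *Xeon*E-21[0-9][0-9]*|*Xeon*E-22[0-9][0-9]*)
            echo "Xeon E-2100/E-2200"; return 0 ;;
    esac
    return 1
}

# Report for the running system (Linux only): model name, the microcode
# revision the kernel reports, whether the sgx flag is present, and the
# family classification above. Compare the microcode value against the
# version your OEM/BIOS notes give for the INTEL-SA-00289 update.
report_local_cpu() {
    [ -r /proc/cpuinfo ] || { echo "no /proc/cpuinfo; run this on Linux"; return 2; }
    name=$(sed -n 's/^model name[[:space:]]*: //p' /proc/cpuinfo | head -n 1)
    ucode=$(sed -n 's/^microcode[[:space:]]*: //p' /proc/cpuinfo | head -n 1)
    sgx=no
    grep '^flags' /proc/cpuinfo | head -n 1 | tr ' ' '\n' | grep -qx sgx && sgx=yes
    echo "model:     $name"
    echo "microcode: ${ucode:-unknown}"
    echo "sgx flag:  $sgx"
    if fam=$(plundervolt_listed_family "$name"); then
        echo "in INTEL-SA-00289 family list: yes ($fam)"
    else
        echo "in INTEL-SA-00289 family list: no (not in the article's table)"
    fi
}

# Usage: sh plundervolt_check.sh --local   (report on this machine)
if [ "${1:-}" = "--local" ]; then
    report_local_cpu
fi
```

The sgx flag only tells you whether the kernel exposes the feature; the poster below who keeps SGX disabled in firmware would see it absent. The model-name rules cover the desktop/mobile Core numbering and the Xeon E3/E-2xxx names from the table; anything else (Xeon Scalable, Core m, Pentium, Celeron) falls through to "not in the table" rather than being guessed.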


Apparently it requires local/physical access to exploit and only applies to Intel's seldom used SGX (Software Guard Extensions) function in their modern CPUs; a feature I always keep disabled as I have no use for it since none of the software I run actually uses it (it's a proprietary API designed for increased application security in memory but isn't in wide use throughout the software industry due to the fact that it's fairly new and only applies to Intel CPUs, not AMD so it is doubtful many vendors will ever implement it; it's just another of those proprietary features/APIs that a chip maker likes to boast about because it sets them apart from their competition just like tech such as RTX and Hairworks from Nvidia).

Intel has had a rough time lately and it appears many of the features built into their modern chips to increase their IPC (Instructions Per Clock/Cycle) and overall performance weren't designed with the best security in mind, sacrificing security and stability for speed. It is a design trend that has come back to bite them in the butt many times over the past few years and I suspect they will be doing things differently in the future, assuming they survive their current lack of competition and massive number of vulnerabilities compared to their primary competitors, AMD, ARM and Nvidia.


Yes, unfortunately Intel doesn't provide the microcode patches directly to users. They only give them to OEMs, and if you happen to use either a custom-built system or one that comes from a smaller manufacturer that seldom provides any firmware/BIOS patches, then you aren't going to be able to patch. That's the situation I'm in; I didn't even get patches for Spectre and Meltdown outside of the updates provided by Microsoft through Windows Update, however I did find a way to patch the microcode within the OS. It isn't as effective as firmware patching, but it does at least render my system immune to exploits while the OS is loaded, meaning that for anyone to actually exploit my system they'd need physical access (since the system obviously has no internet connection prior to loading the OS).

The upside is I get to keep my full performance though, so that's nice.

Edited by exile360

Thanks for the info. But while Meltdown is said to affect Qualcomm CPUs and Spectre ARM CPUs, a similar SGX-style exploit attack on these CPUs is not known. Qualcomm's QSEE, similar to SGX, was patched for a vulnerability exploiting private keys some time back, so a Plundervolt-type attack on QSEE is not known.

https://fortanix.com/intel-sgx/

Hackers can recover private keys from Qualcomm chips

https://www.fudzilla.com/news/mobile/48570-hackers-can-recover-private-keys-from-qualcomm-chips

[attached screenshot: Selectionshot_2019-12-13_03:50:32.png]
