Not again. Intel rocked by another data-stealing vulnerability that affects the secure CPU enclave
A team of researchers have uncovered another cyber security flaw that impacts central processing units (CPUs) from Intel.
The flaw, called Foreshadow, is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third-party clouds.
The new vulnerability comes hot on the heels of the discovery of the Meltdown and Spectre flaws in early January. Matters were not helped when Intel botched the initial fix for the problem, and dismissed warnings that the fixes would impact processor performance.
Intel later admitted that a hardware change in chips shipping this year would replace the performance-draining software patches.
But now a group of researchers from five academic institutions have discovered that the most secure area of Intel chips is not as secure as it should be.
This secure area is called the Software Guard Extensions feature (SGX). Essentially, this allows programs to create secure enclaves on Intel processors. An enclave is a region on the Intel processor that can be sectioned off to run code that the computer’s operating system can’t access or change. Basically it is a safe haven for sensitive data or code that is supposed to be secure, even if the computer or server itself is compromised by malware.
But the researchers warn that the Foreshadow flaw has two versions.
“The original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory,” said the researchers.
The researchers, when they discovered the flaw, alerted Intel in early January. Intel then identified two closely related variants, potentially affecting additional microprocessors, SMM code, operating system and hypervisor software.
And Intel admits the flaw is very serious, as the Foreshadow bugs can allow malicious applications “to infer the values of data in the operating system memory, or data from other applications.”
Intel also said a malicious guest virtual machine (VM) may be able to infer the values of data in the VMM’s memory, or values of data in the memory of other guest VMs; malicious software running outside of SMM may be able to infer values of data in SMM memory; and finally malicious software running outside of an Intel SGX enclave or within an enclave may be able to infer data from within another Intel SGX enclave.
Intel has released new microcode for many of the processors affected, and patches are included in Microsoft’s latest Patch Tuesday security update.
One expert highlighted the threat this type of flaw poses to cloud service providers.
“Cloud providers of virtual servers are more susceptible than on-premises networks in this instance because that’s the most likely place you’d have one physical server housing dozens of virtual machines run by different companies,” explained Ken Spinner, VP of field engineering at Varonis.
“If the vulnerability could be successfully exploited, attackers could hit the jackpot,” said Spinner. “However, a data centre could hold literally hundreds of thousands of servers and potentially millions of VMs. Hackers would be conducting an unfocused attack, rather than focusing on exploiting a target organisation. It would be a shot in the dark.”
“These vulnerabilities are the latest in a long line of exploits,” he concluded. “While the approaches change, the goal often stays the same – to grab your company’s data. To complicate matters, most companies are dealing with hybrid data stores with some of their data on-premises and some in the cloud, which creates challenges and potential risk from a security and data governance standpoint. Never assume your data is safe in the cloud.”