Researchers Find New Flaw in Modern Intel CPUs
Researchers discovered a new attack affecting modern Intel CPUs that could allow a hacker to extract secure information, such as encryption keys, from affected processors by altering their voltage. The attack involves Intel Software Guard Extensions (SGX), a set of security-related instruction codes that are built into Intel CPUs. Intel SGX shields sensitive data, such as AES encryption keys, by physically separating it from other CPU memory and protecting it with software encryption.
Researchers found a way to target the safeguards used by PC operating systems to control processor voltage and frequency, tampering with them to alter the bits held inside Intel SGX and create exploitable glitches. The vulnerability is called Plundervolt. Researchers were able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations. This means that even Intel SGX's memory encryption/authentication technology can't protect against Plundervolt.
Hackers can launch the Plundervolt attack by manipulating Intel CPU voltage and frequencies. Users can override the amount of processor power by adjusting predefined processor frequency and voltage levels, a process commonly used by gamers looking to overclock their CPUs. Users can tweak the Model-Specific Registers, which control chip voltage. Hackers with control over a victim's operating system can use this same method to decrease voltage and launch the Plundervolt attack.
Intel issued microcode and BIOS updates for the high-severity vulnerability (CVE-2019-11157). Intel recommends that users update to the latest BIOS version provided by the system manufacturer that addresses these issues. An SGX TCB key recovery is planned for early 2020.