Home > News content

Intel processor exposes two new vulnerabilities in SGX that allow attackers to easily extract sensitive data

via:cnBeta.COM     time:2020/6/11 12:43:31     readed:535

While Intel is trying to eliminate the negative effects of multiple processor vulnerabilities, security researchers from three universities have mercilessly exposed two other defects of SGX software protection extension instructions.For attackers, this allows them to extract sensitive data fairly easily. Fortunately, the new problems can be repaired through active remedial measures, and there is no evidence that the new holes have been used in the field.

6.18 Activities have been fully launched to promote the activity portal summary:

Ali Cloud 618 in the middle of the cloud click to receive the highest 12000 yuan red envelope

Tianyi cloud's "mid year cloud Festival" has been launched, and cloud products are available in the whole market. 6 yuan up to 8888 yuan package is available

2020 Tmall 618 Super Red Pack will receive an additional $4 billion on June 1

JingDong 6-18 17th Anniversary Celebration Promotes Venue Entrance - Up to 618 Yuan Red envelopes


Data map (from Intel official website)

Researchers from three universities in Michigan, Amsterdam, the Netherlands and Adelaide, Australia, have revealed that attackers can use the way multi-core architecture works to gain access to sensitive data on infected systems.

It has developed corresponding attack methods for the two vulnerabilities and provided the proof of concept of SGAxe and CrossTalk.


Image processed by CPU

The former appears to be an advanced version of the cacheout attack exposed earlier this year, where hackers can extract content from the CPU's L1 cache.

Sgaxe is a failed attempt by Intel to mitigate bypass attacks on software protection extensions (SGX), the researchers explained. As a dedicated area on the CPU, SGX is intended to ensure the integrity and confidentiality of the code and data being processed.


Sgaxe restored image

With the help of transient execution attack, the hacker can recover the encryption key stored in the SGX area and use it to decrypt the long storage area to obtain the EPID key of the machine. The latter is used to secure transactions, such as financial transactions and DRM protected content.

As for the second crosstalk vulnerability, which is a derivative of microarchitecture data sampling (MDS), it can attack the data processed by the CPU's line fill buffer (LBF).


It originally hoped to provide "staging buffer" for CPU kernel access, but hackers could use special software running on a single core to destroy the software code and data private key to protect its running.

It is reported that the new vulnerability affects a number of Intel processors released in 2015-2019, including some Xeon E3 SKUs (E5 and E7 series have been proven to resist such new attacks).

According to Intel's June security announcement, only a very small number of people can launch these attacks in the laboratory environment, and there are no reports that the vulnerability has been exploited in the wild.

Even so, the company will release microcode updates as soon as possible, while invalidating previously issued certification keys.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments