Intel SGX is vulnerable to an unfixable flaw that can steal crypto keys and more

by Dan Goodin, from Ars Technica
For the past 26 months, Intel and other CPU makers have been assailed by Spectre, Meltdown, and a steady flow of follow-on vulnerabilities that make it possible for attackers to pluck passwords, encryption keys, and other sensitive data out of computer memory. On Tuesday, researchers disclosed a new flaw that steals information from Intel's SGX, short for Software Guard eXtensions, which acts as a digital vault for securing users' most sensitive secrets.

On the surface, Load Value Injection, as researchers have named their proof-of-concept attacks, works in ways similar to the previous vulnerabilities and accomplishes the same thing. All of these so-called transient-execution flaws stem from speculative execution, an optimization in which CPUs attempt to guess future instructions before they're called. Meltdown and Spectre were the first transient-execution exploits to become public. Attacks named ZombieLoad, RIDL, Fallout, and Foreshadow soon followed. Foreshadow also worked against Intel's SGX.

Breaking the vault

By getting a vulnerable system to run either JavaScript stored on a malicious site or code buried in a malicious app, attackers can exploit a side channel that ultimately discloses cache contents belonging to other apps that should normally be off-limits. This latest vulnerability, which like other transient-execution flaws can only be mitigated and not patched, gives way to exploits that completely upend a core confidentiality guarantee of SGX.
