SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

Intel

Intel’s latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other sensitive information protected by the company’s Software Protection Extensions, the advanced feature that acts as a digital vault for secrets most sensitive of security users.

Abbreviated as SGX, the protection is designed to provide a kind of fortress for the preservation of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously committed SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or manipulation by anything else in the system.

Cracks in Intel’s core security

SGX is a cornerstone of the security guarantees that many companies provide to users. The servers used to handle contact discovery for Signal Messenger, for example, rely on SGX to ensure that the process is anonymous. Signal says that running its advanced hashing scheme provides a “general recipe for doing private contact discovery on SGX without leaking any information to parties in control of the machine, even if they connected physical hardware to the memory bus “.

The example is purely hypothetical. Signal spokesman Jun Harada wrote in an email: “Intel alerted us to this paper … and we were able to verify that the CPUs used by Signal are not affected by the findings in this paper and, therefore, they are not vulnerable to the indicated attack.”

The key to SGX’s security and authenticity guarantees is the creation of what are called “locks” or blocks of secure memory. The contents of the latch are encrypted before leaving the processor and written to RAM. They are only decrypted after returning. SGX’s job is to safeguard the latch’s memory and block access to its contents by anything other than the trusted part of the CPU.

announcement

Enter ÆPIC Leak

Since 2018, researchers have made at least seven serious security holes in SGX, some of which completely undermined the assurances Intel makes about them. On Tuesday, a research paper publicly identified a new hole, which also completely breaks SGX guarantees on most 10th, 11th, and 12th generation Intel CPUs. The chipmaker said it released mitigations that prevent the researchers’ proof-of-concept exploit from working any longer.

Expand / A list showing which Intel CPUs are vulnerable.

Borrello et al.

The vulnerability resides in APIC, short for Advanced Programmable Interrupt Controller. APIC is a mechanism built into many modern CPUs that handles and routes interrupts, which are signals generated by hardware or software that cause the CPU to stop its current task so that it can process a higher priority event. The researchers who discovered the flaw have named the vulnerability and its proof-of-concept exploit ÆPIC Leak.

Expand / An overview of ÆPIC Leak.

Borrello et al.

The bug that makes ÆPIC Leak possible is what’s known as an uninitialized memory read, which happens when the memory space isn’t cleared after the CPU has processed it, causing old data to leak which are no longer necessary. Unlike previous CPU flaws with names like Spectre, Meltdown, Foreshadow, and RIDL/Fallout/ZombieLoad, which were the result of transient execution that created side channels that revealed private data, the ÆPIC Leak is an architectural flaw that resides in the CPU itself.

Leave a Comment

Your email address will not be published. Required fields are marked *