Plundervolt Steals Secrets from Intel Chips

Last edited: December 12, 2019

Plundervolt attacks target Intel Core chips within devices by tweaking CPU voltage. These attacks provide hackers with access to sensitive data stored inside a secure area of Intel CPUs called the SGX enclave. So far, these attacks have only ever been carried out for research purposes. Nonetheless, the public is advised to install the latest Intel updates as soon as possible.

What is the SGX Enclave?

SGX stands for Software Guard Extensions, a piece of technology used to provide a very powerful security feature present on all Intel chips, and most other chips as well. This security feature, called the SGX enclave, is designed into a small section of Intel chips’ memory.

The SGX enclave is like a safe created within the chip where important processes, like cryptographic processes, run. The enclave is also a storage space for sensitive data, such as cryptographic keys or biometric information. For example, SGX technology has been used in some fingerprint scanners to keep fingerprint data extra secure.

SGX enclaves are designed to be impregnable and are inaccessible to normal processes running on a device outside the enclave. The data within the enclave is supposed to be safe even if hackers take control of a device remotely or have physical access to it.

However, the safe has now been cracked.

How Are Plundervolt Attacks Carried Out?

Carrying out Plundervolt attacks is quite a complicated task. It involves dropping the voltage of electricity flowing to a target device’s Intel chip so as to break the SGX enclave’s security mechanisms and expose data held within it.

To be able to manipulate the voltage, the attackers must first install malware on the target device that gives them complete control over the device and its operating system. Next, the attackers must manipulate the model-specific registers on the device that control chip voltage in order to lower it.

The voltage drop must be carefully adjusted, however, so that it corrupts the enclave but does not crash the system. It also needs to be precisely timed to the exact moment that the secure enclave is executing a task. This causes errors that corrupt the enclave so that the information within can be decoded.

Since Plundervolt attacks take place within the chip itself, any safeguards against outside influences are ineffective.
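
From a defender's side, the register manipulation described above is observable on Linux, where model-specific registers are written through the /dev/cpu/N/msr device files. The following is an added example, not part of the original article: it scans auditd records for write-opens of those devices by programs outside an allowlist. The log lines, program names and allowlist are constructed for illustration, and it assumes an audit watch on those device files is already in place.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd's key=value layout (not real logs).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1576150000.101:501): arch=c000003e syscall=257 a0=ffffff9c a1=7ffd1000 a2=0 pid=811 exe="/usr/local/bin/monitor"
type=PATH msg=audit(1576150000.101:501): item=0 name="/dev/cpu/0/msr"
type=SYSCALL msg=audit(1576150042.377:502): arch=c000003e syscall=257 a0=ffffff9c a1=7ffd2000 a2=2 pid=4242 exe="/tmp/helper"
type=PATH msg=audit(1576150042.377:502): item=0 name="/dev/cpu/1/msr"
type=SYSCALL msg=audit(1576150050.900:503): arch=c000003e syscall=2 a0=7ffd3000 a1=1 a2=0 pid=900 exe="/usr/sbin/fwtool"
type=PATH msg=audit(1576150050.900:503): item=0 name="/dev/cpu/0/msr"
type=SYSCALL msg=audit(1576150060.000:504): arch=c000003e syscall=257 a0=ffffff9c a1=7ffd4000 a2=1 pid=950 exe="/usr/bin/cat"
type=PATH msg=audit(1576150060.000:504): item=0 name="/etc/hostname"
"""

MSR_DEV = re.compile(r'^/dev/cpu/\d+/msr$')
EVENT_ID = re.compile(r'msg=audit\(([\d.]+:\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# x86_64 syscall number -> argument holding the open flags: open(2), openat(257)
FLAGS_ARG = {"2": "a1", "257": "a2"}
ALLOWED_EXES = {"/usr/sbin/fwtool"}  # hypothetical allowlist of expected tools

def find_msr_writes(log_text, allowed=ALLOWED_EXES):
    """Return (event_id, exe, device) for write-opens of MSR devices by unexpected programs."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("type") == "SYSCALL":
            events[m.group(1)]["syscall"] = f
        elif f.get("type") == "PATH":
            events[m.group(1)]["paths"].append(f.get("name", ""))
    alerts = []
    for event_id, ev in events.items():
        sc = ev["syscall"]
        devs = [p for p in ev["paths"] if MSR_DEV.match(p)]
        if not sc or not devs or sc.get("syscall") not in FLAGS_ARG:
            continue
        flags = int(sc[FLAGS_ARG[sc["syscall"]]], 16)  # auditd logs arguments in hex
        if (flags & 0x3) in (1, 2) and sc.get("exe") not in allowed:  # O_WRONLY / O_RDWR
            alerts.append((event_id, sc.get("exe"), devs[0]))
    return alerts

if __name__ == "__main__":
    for alert in find_msr_writes(SAMPLE_LOG):
        print("unexpected MSR write-open:", alert)
```

Read-only opens and allowlisted tools are ignored, so on the sample input only the write-open from the unlisted program is reported.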

Who Cracked the Safe?

The technique used to manipulate the voltage of Intel chips to cause them to leak information stored in the enclave is called Plundervolt. The technique was devised by a team of six researchers from the University of Birmingham (UK), KU Leuven University (Belgium) and Graz University of Technology (Austria).

It must be noted, however, that Plundervolt attacks have only ever been carried out for research purposes. They have never been carried out in the wild.

Should the General Public be Worried?

In reality, this doesn’t pose a direct threat to the general public. A Plundervolt attack is so sophisticated and difficult to carry out that it is highly unlikely that it would ever be used on a mass scale. If anything, it could be used for targeted attacks on people of interest.

Moreover, Intel has already pushed out an update to its chip firmware that prevents Plundervolt attacks. The public is advised to install this security update as soon as possible.
