CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Intel SGX Can Be Abused to Hide Advanced Malware: Researchers

A team of researchers has demonstrated that Intel’s SGX technology can be abused to hide an advanced and stealthy piece of malware that could allow attackers to steal data and conduct activities on the victim’s behalf. Intel says its technology works as intended and it’s not designed to block these types of attacks.

A team of researchers has demonstrated that Intel’s SGX technology can be abused to hide an advanced and stealthy piece of malware that could allow attackers to steal data and conduct activities on the victim’s behalf. Intel says its technology works as intended and it’s not designed to block these types of attacks.

Michael Schwarz, Samuel Weiser and Daniel Gruss of the Graz University of Technology in Austria have conducted an analysis of Intel SGX and the practicality of enclave malware. It’s worth noting that Schwarz and Gruss were also involved in the discovery of the notorious Meltdown and Spectre vulnerabilities.

Intel Software Guard Extension (SGX) is an isolated execution technology present in Intel processors. It’s designed to protect code and data against disclosure and changes – even if the system has been compromised – by allowing developers to partition their applications into hardware-protected memory regions called enclaves. The technology is advertised for cloud environments, digital rights management (DRM), secure browsing, and other applications.

Intel SGX can be abused by malwareWhile the technology can be highly useful, it can also be leveraged for malicious purposes. SGX enclaves can be ideal for hiding a piece of malware as they prevent antiviruses from inspecting code running in them, and cybercriminals could develop ransomware that stores encryption keys inside an enclave to make file recovery impossible.

Researchers demonstrated in the past that enclave malware can use side channels to steal sensitive information, but it has been assumed that there are serious limitations to what enclave malware can do. Some previously developed enclave malware relied on an application running on the host to perform malicious activities.

However, researchers from the Graz University of Technology have now shown that enclave malware can be practical and it does not necessarily need support from a malicious host application. They demonstrated how a piece of malware can bypass SGX restrictions and stealthily exploit a benign host application.

In the attack scenario described by the experts, the victim uses a trusted and secure system. The attacker delivers a benign application that uses a malicious enclave when executed. The host application communicates with the enclave through an interface that should not allow the enclave to attack the app.

However, despite serious restrictions, the researchers have demonstrated that it is possible to escape the enclave and achieve arbitrary code execution with host privileges even without exploiting any hardware flaws in SGX. The attack can even bypass exploit protections such as ASLR, stack canaries, and Address Sanitizer.

Theoretical attack scenarios described by the experts involve criminal threat actors delivering the malware as computer games requiring the execution of a DRM enclave, a messaging app that runs an enclave for security reasons, and a special decoder that allegedly needs an enclave to provide an interesting feature. In attack scenarios involving a state surveillance agency, the enclave malware is delivered via state-endorsed applications, such as digital signature tools.

Advertisement. Scroll to continue reading.

Hackers could steal or encrypt files for ransom attacks, or they could perform actions on the victim’s behalf, including to send out phishing emails or launch denial-of-service (DoS) attacks, experts said.

Sophisticated threat actors may find this method useful as it can help them ensure that the zero-day vulnerabilities exploited in their attacks are not exposed if their malware is discovered. The method allows an attacker to trigger the exploit at a specified moment to prevent discovery before execution, which can be useful for large-scale synchronized threats such as botnets and ransomware.

“[Hiding] malware in an SGX enclave give attackers plausible deniability and stealthiness until they choose to launch the attack. This is particularly relevant for trigger-based malware that embeds a zero-day exploit, but also to provide plausible deniability for legal or political reasons, e.g., for a state actor. Possible scenarios range from synchronized large-scale denial-of-service attacks to targeted attacks on individuals,” the researchers explained.

“We conclude that instead of protecting users from harm, SGX currently poses a security threat, facilitating so-called super-malware with ready-to-hit exploits. Our results lay ground for future research on more realistic trust relationships between enclave and non-enclave software, as well as the mitigation of enclave malware,” they noted.

Contacted by SecurityWeek, Intel has thanked the researchers for their work and for coordinating disclosure of the method. However, the tech giant says the research is “based upon assumptions that are outside the threat model for Intel SGX.”

“The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources,” Intel said.

Related: Foreshadow – New Speculative Execution Flaws Found in Intel CPUs

Related: Intel CPUs Vulnerable to New ‘BranchScope’ Attack

Related: Intel Offers Up to $30,000 for Hardware Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...