Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX

A group of researchers from the University of Birmingham has devised a new attack that can break the confidentiality and integrity of Intel Software Guard Extensions (SGX) enclaves through controlling the CPU core voltage.

A group of researchers from the University of Birmingham has devised a new attack that can break the confidentiality and integrity of Intel Software Guard Extensions (SGX) enclaves through controlling the CPU core voltage.

The attack relies on VoltPillager, “a low-cost tool for injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator on the motherboard,” and can be used to fault security-critical operations.

The open-source hardware device can inject Serial Voltage Identification (SVID) packets, thus allowing the researchers to fully control the CPU core voltage and perform fault-injection attacks.VoltPillager

In a newly published paper, six researchers from the School of Computer Science at the University of Birmingham in the UK demonstrate that their attack is more powerful than software-based under-volting attacks targeting SGX, such as CVE-2019-11157, also known as Plundervolt.

The researchers, who present proof-of-concept key-recovery attacks targeting the cryptographic algorithms inside the SGX, note that VoltPillager could be abused by untrusted cloud providers that have physical access to hardware.

During their investigation, the researchers discovered that a Voltage Regulator (VR) on the motherboard regulates the voltage of the CPU based on information received from the SVID, and that SVID packets are not cryptographically authenticated.

Next, they built a microcontroller-based board that, when connected to the SVID bus, can be used to inject commands and control the CPU voltage. The device is based on the widely available Teensy 4.0 microcontroller board.

This, the researchers say, allowed them to mount the first hardware-based attacks that breach SGX’s integrity and to recover end-to-end secret keys. The attack model assumes that the adversary has full control over the BIOS and operating system.

Moreover, the researchers have demonstrated that the countermeasures that Intel implemented for CVE-2019-11157 fail to prevent fault-injection attacks if the adversary has physical access, and they’ve presented novel fault effects of hardware-based under-volting.

Advertisement. Scroll to continue reading.

“We have proven that this attack vector is practical by recovering RSA keys from an enclaved application, and have shown that other fundamental operations such as multiplication and memory/cache writes can be faulted as well. These lead to novel memory safety vulnerabilities within SGX, which are not detected by SGX’s memory protection mechanisms,” the researchers note.

The findings were disclosed to Intel on March 13, 2020, but the company does not plan on addressing the concerns, noting that the SGX threat model does not include hardware compromise and that the patches released for Plundervolt were not meant to protect against hardware-based attacks.

Due to the results of their investigation and the fact that Intel does not plan to address the attack, the researchers question SGX’s ability to keep information confidential in the context of a malicious cloud services provider that has physical access to hardware.

“The results in this paper, together with the manufacturer’s decision to not mitigate this type of attack, prompt us to reconsider whether the widely believed enclaved execution promise of outsourcing sensitive computations to an untrusted, remote plat-form is still viable,” the researchers conclude.

Related: Plundervolt Attack Uses Voltage to Steal Data From Intel Chips

Related: Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...