Turn down the dial, ramp up the hacking

Plundervolt attack can be used to steal secrets from Intel devices

Supplying a lower than rated voltage to certain Intel microprocessors renders the chip giant’s secure enclave technology vulnerable to attack, security researchers have discovered.

To manage heat and power consumption, many chip manufacturers allow frequency and voltage to be adjusted as and when needed – a process known as ‘undervolting’ or ‘overvolting’.

This process is accomplished through privileged software interfaces, such as a “model-specific register” in the case of Intel Core processors.

These software interfaces can be exploited to undermine the system’s security, an international team of computer scientists discovered through an EU-funded project that led to the discovery of a new attack, dubbed ‘Plundervolt’ (CVE-2019-11157).

“We were able to corrupt the integrity of Intel SGX [Software Guard Extensions] on Intel Core processors by controlling the voltage when executing enclave computations,” the researchers explain.

“This means that even Intel SGX’s memory encryption/authentication technology cannot protect against Plundervolt.”

Enclave unwrapped

Enclave computations such as those provided by Intel’s SGX technology are used to shield sensitive processes from attack, even if the host system is infected by malware.

However, using a Plundervolt exploit, researchers have apparently demonstrated how an AES encryption key can be recovered from a vulnerable device by undervolting the processor so that fault conditions are generated.

Cryptoanalysis techniques were then employed to determine the private encryption key.

The same approach could facilitate memory corruption.

Academics from the University of Birmingham’s School of Computer Science in the UK, along with researchers from Graz University of Technology and KU Leuven’s imec-DistriNet group carried out the research.

Exploit caveats

The researchers’ findings show that the hardware-based security offered by Intel SGX is capable of being undermined, although there are caveats.

Importantly, the undervolting interface is only accessible to users with root privileges in the untrusted operating system.

Read more hardware security news from The Daily Swig

“It would not make sense to attack software with undervolting when you’re already root, apart from the case of SGX (which should protect against a root attacker),” the researchers explain.

However, attackers – providing they have root – would not need physical access to a target machine because the undervolting interface is accessible from software, so Plundervolting attacks might be carried out remotely.

The computer scientists investigated common hypervisors and virtual machine (VM) software, finding that the guest OS cannot access the undervolting interface, ruling out this line of attack as a means to hack into VMs.

The Plundervolt exploit was given a new logo

BIOS update

More details of the research – along with proof-of-concept demonstration videos – were released on a dedicated website on Tuesday.

The research has been accepted for a presentation at the upcoming IEEE Security and Privacy 2020 conference.

A paper on the research, entitled ‘Plundervolt: Software-based Fault Injection Attacks against Intel SGX’ (PDF), is already available.

Intel has responded to the potential security threat by supplying a microcode update that – together with a BIOS update – allows the selective disabling of the undervolting interface, as explained in a security advisory.

“Improper conditions check in voltage settings for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access,” Intel admits.

The Daily Swig has invited Intel to comment on the research. We’ll update this story as and when more information comes to hand.

David Oswald, senior lecturer in Computer Security at the University of Birmingham, said: “To our knowledge, the weakness we’ve uncovered will only affect the security of SGX enclaves.

“Intel responded swiftly to the threat and users can protect their SGX enclaves by downloading Intel’s update.”

Bolt notes

The research was funded by the Engineering and Physical Sciences Research Council and by the European Union’s Horizon 2020 research and innovation program.

Kit Murdock, David Oswald, Flavio Garcia (The University of Birmingham); Jo Van Bulck, Frank Piessens (imec-DistriNet, KU Leuven) and Daniel Gruss (Graz University of Technology) teamed up to carry out the research, which was disclosed to Intel back in June.

Plundervolt is a similar to previous undervolting attacks such as CLKScrew and VoltJockey that targeted ARM processors and ARM Trustzone, even though the Intel SGX target is different.

SGX is a set of security-related instruction codes that are built into modern Intel CPUs.

YOU MIGHT ALSO LIKE New tool offers Metasploit-like framework for hacking into drones