The attack, called Plundervolt by researchers, exploits the interface that allows an operating system to influence the voltage and frequency of an Intel processor. It is the same interface that allows gamers to overclock their CPUs.
Two research teams from different parts of the world have found a new technique that lets hackers manipulate the voltage of Intel chips so that they leak data stored using Intel's Software Guard Extensions (SGX). The “secure enclaves” that SGX sets up in a device’s memory are intended to be impregnable. Intel, which asked the teams to keep their findings secret for the previous six months, has confirmed the findings and today released an update to its chip firmware to prevent the attack.
The technique, termed Plundervolt by one of the two teams, involves installing malicious software on a target computer that temporarily lowers the voltage of the electricity flowing to an Intel chip. This voltage drop, known as “undervolting,” normally lets legitimate users save power when they do not require maximum performance. (Similarly, for more intensive tasks you can use the voltage variance function to “overclock” a processor.)
By momentarily lowering a processor's voltage by 25% to 30% and precisely timing the voltage shift, a hacker can cause the chip to make mistakes in calculations that involve private data. Those errors can expose sensitive information such as a cryptographic key or biometric data stored in the SGX enclave.
The researchers acknowledge that the attack is not entirely easy to pull off. The hacker must already have somehow installed their malware with high-level, or root, privileges on the target computer. But Intel has advertised its SGX functionality as protecting sensitive data from tampering or misuse even in the face of such highly privileged malware. The researchers say they have shown a serious exception to this guarantee.
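Why a single computation error of the kind described above can expose a key, and how verifying a result before releasing it helps: the following is an added example, not code from the researchers or Intel. It assumes RSA signing with the CRT optimization (the article does not name an algorithm), uses a constructed toy key, and simulates the fault with a bit flip in software rather than any voltage change.

```python
from math import gcd

# Constructed toy key from two known Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
M = 0xC0FFEE1234  # constructed sample message representative


def sign_crt(m, fault=False, check=False):
    """RSA-CRT signature. fault=True flips one bit in the mod-Q half to
    stand in for a miscalculation; check=True verifies before release."""
    sp = pow(m, D % (P - 1), P)
    sq = pow(m, D % (Q - 1), Q)
    if fault:
        sq ^= 1  # simulated fault (assumption: a single bit error)
    # Garner recombination of the two halves
    s = sq + Q * ((pow(Q, -1, P) * (sp - sq)) % P)
    if check and pow(s, E, N) != m % N:
        raise ValueError("signature failed self-check; result withheld")
    return s


def factor_from_signature(m, s):
    """Return a prime factor of N if s is wrong modulo exactly one prime."""
    g = gcd((pow(s, E, N) - m) % N, N)
    return g if 1 < g < N else None


if __name__ == "__main__":
    good = sign_crt(M)
    bad = sign_crt(M, fault=True)
    print("correct signature leaks factor:", factor_from_signature(M, good))
    print("faulty signature leaks factor: ", factor_from_signature(M, bad))
    try:
        sign_crt(M, fault=True, check=True)
    except ValueError as exc:
        print("with self-check:", exc)
```

The self-check costs one extra public-key operation per signature and keeps a faulted result from ever leaving the signing code.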
Intel Patches Plundervolt
During the December 2019 Patch Tuesday, Intel addressed 14 security vulnerabilities, seven of which were high- and medium-severity flaws that affected different platforms including Windows and Linux.
According to the INTEL-SA-00289 advisory, Plundervolt attacks abuse the vulnerability tracked as CVE-2019-11157 and require local access.
“INTEL-SA-00289 is an advisory we worked on with multiple academic researchers that affects client systems, and some Xeon E based platforms. Some of the researchers have demonstrated the same class of issue on non-Intel architectures,” Intel says.
Intel’s nine security advisories, published on its Product Security Center, outline the security issues fixed today, with the company delivering the fixes to customers through the Intel Platform Update (IPU) system.
The vulnerabilities revealed today may potentially enable authenticated or privileged users with local access to disclose information, cause denial-of-service conditions, escalate privileges, or run malicious code at a high privilege level.
Every advisory provides a detailed list of all impacted products and recommendations for vulnerable products as well as contact details for users and analysts seeking to report any flaws discovered in Intel’s licensed tech or products.