News

Intel SGX Breached by New Speculative Execution Exploit

Foreshadow Hits Secure SGX Secure Enclaves

With the release of Spectre and Meltdown, the floodgates have opened. Since the reveal of the two speculative exploits last year, more bugs have come out of the woodwork. One recent release was a variant of Spectre targettable over networks. Today, we have a new bug that hits Intel right in the jaw. Dubbed Foreshadow by researchers, the new exploit targets the supposedly secure SGX function on Intel CPUs.

SGX or Software Guard eXtensions is a new feature Intel introduced with Skylake and Kaby Lake. SGX allows the creation of Trusted Execution Environments or TEEs. These TTEs are created using SGX to create a secure enclave. Due to this secure enclave, blocks of memory or code is supposed to be protected from everything. Furthermore, this includes protection from a hostile kernel, hypervisor or operating system. Foreshadow circumvents this and ploughs right on through into the secure enclave. This feature is great for cloud virtual machines because it protects against hostile hosts and neighbours.

Intel Microcode Fix Mostly Patches the Exploit

Foreshadow works in a similar fashion to Meltdown. In fact, it builds on the speculative nature of the original attack. Normally, SGX protects the enclave data with encryption. However, the CPU decrypts protected data in the L1 cache. Once there, Intel CPUs do not perform any further protection checks. This allows the attacker to exploit the speculative execution behaviour of the CPU, like in Meltdown to read the data. The attacker can also create malicious enclaves to more easily attack other enclaves on the same core. This only works on CPUs with Hyper-Threading since they share the same logical core. All said and done though, SGX still makes the attacker’s job more difficult as Intel wants it to do.

Luckily for users, Intel has already rolled out a fix. Updated microcode has been provided to change CPU SGX function. After using the data, the CPU will flush the L1 Data cache immediately. Unfortunately, this does not fully fix the flaw with Hyper-Threading. This is because the 2 enclaves on each virtual core share the L1. This is problematic for cloud servers which now have to worry about shared Hyper-Threaded cores. Finally, Intel plans to provide a hardware fix to this issue in Cascade Lake. Given the state of things though, only more attacks are likely to come out in the meanwhile.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Still Wakes the Deep 

LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…

3 hours ago

PHILIPS 275V8LA – 27 Inch QHD Monitor

The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…

3 hours ago

EPOMAKER Ajazz AK820 Pro 75% Gasket-mounted Mechanical Keyboard 

【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…

3 hours ago

Funko Fusion

FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…

3 hours ago

Shin Megami Tensei V: Vengeance Standard Edition

The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…

3 hours ago

Hand Warmers Rechargeable 2 Pack

【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…

3 hours ago