VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack

  • VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack

    Phoronix: VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack

    Security researchers out of the University of Birmingham have crafted another attack against Intel Software Guard Extensions (SGX) when having physical motherboard access and using their "VoltPillager" hardware device they assembled for about $30 USD...

    http://www.phoronix.com/scan.php?pag...r-HW-Undervolt

  • #2
    Haha, that requires total hardware access to the point where you have to take the motherboard out of the server. Kinda useless as a real-world security vulnerability.

    • #3
      This isn't a flaw in SGX, and I bet if they did the same thing to an Epyc part they could easily crack its memory encryption with similar techniques.

      • #4
        Originally posted by piorunz View Post
        Haha, that requires total hardware access to the point where you have to take the motherboard out of the server. Kinda useless as a real-world security vulnerability.
        I bet the envisioned threat model for the attack is the owners of the hardware breaking DRM that's relying on SGX to secure the decryption process.

        • #5
          And you call this an "attack"? lol

          • #6
            Originally posted by ssokolow View Post
            I bet the envisioned threat model for the attack is the owners of the hardware breaking DRM that's relying on SGX to secure the decryption process.
            True, big media is the one most scared by this attack. Pretty sure they'll disable 4K and even HD playback on Intel GPUs now.

            • #7
              Originally posted by ssokolow View Post
              I bet the envisioned threat model for the attack is the owners of the hardware breaking DRM that's relying on SGX to secure the decryption process.
              This. Breaking SGX while it's enabled is relevant because SGX is actually trying to provide "security" of DRM and against the user. SGX security is actually potentially harmful to users, as it's meant for making closed-source blobs even harder to inspect or tamper with.

              • #8
                Those who dismiss this attack based on the fact that it requires physical hardware forget what the Intel SGX spec was designed for (or against).

                "The code and data in the enclave utilize a threat model in which the enclave is trusted but no process outside it can be trusted (including the operating system itself and any hypervisor), and therefore all of these are treated as potentially hostile." - Wikipedia

                SGX assumes the OS can be compromised, which is why root-level access to Intel's undervolt utilities is a valid attack in this threat model. I am sceptical of their claims and threat model, because protecting against OS-level exploits is a huge attack surface and many other components can be used to extract information. Not to mention SGX essentially needs to protect from all physical threats as well, as it is meant as additional security in cloud-based systems (why else wouldn't you trust the OS?), all while being callable from userspace.

                • #9
                  Originally posted by jntesteves View Post
                  This. Breaking SGX while it's enabled is relevant because SGX is actually trying to provide "security" of DRM and against the user. SGX security is actually potentially harmful to users, as it's meant for making closed-source blobs even harder to inspect or tamper with.
                  That is, until Wine/Linux adds a syscall to emulate SGX. SGX should only work when cloud providers are honest enough to provide SGX and disable the Intel undervolt utility from root access.

                  • #10
                    Originally posted by piorunz View Post
                    Haha, that requires total hardware access to the point where you have to take the motherboard out of the server. Kinda useless as a real-world security vulnerability.
                    Not really, imagine trying to access the encrypted content of a stolen laptop...
