Two teams of European researchers have discovered a flaw in Intel chips which can be used by hackers to steal vital information like a cryptographic key or biometric data by fluctuating voltage to the chip.
According to Intel, the following CPU models are affected by such an attack:
- Intel Xeon Processor E3 v5 and v6
- Intel Xeon Processor E-2100 and E-2200 families
- Intel 6th, 7th, 8th, 9th and 10th generation CoreTM processors
Intel chips have the Secure Guard Extensions (SGX) feature, which encrypts certain crucial information stored in a computer’s memory and allows access to certain specific programs only. Another feature of an Intel chip is that users are allowed “undervolting,” which saves power when they are doing routine functions on their computers. Conversely, users are also allowed to “overclock” a processor for tasks that require more computing power like i-Games.
For the hacking termed the “Plundervolt” to succeed, the hacker has to first install their malware with high-level (root) privileges on the user’s computer. This is very difficult and hence, makes such an attack unlikely but still possible. The researchers found that the malware caused 25-30% undervolting in the processor for a specific time-period while the chip is doing computations that use secret data stored in SGX, which introduced errors in the computation. These errors are called bit flips, where 1 is changed into 0 and vice versa. The bit flips during computation can help in revealing the cryptographic key to the hackers.
The team also showed that bitflips could make the processor store information in an unprotected portion of the CPU instead of the SGX enclave. This would make it easier for hackers to get their hands on a user’s sensitive data. The malware can also introduce bugs in applications that can be used by hackers from remote locations.
The Plundervolt hack attack has been tagged CVE-2019-11157.
One of the researchers, Kit Murdock, said,
Intel says this (SGX) enclave will protect calculations even from someone on the same system who has root, but we can still flip bits even inside what should be a safe enclave.
Intel has already released patches to the Plundervolt attack, which allows administrators to lock the voltage and control interface from BIOS options.