Plundervolt, new vulnerability in cpus intel that alters its voltages
Table of contents:
- Plundervolt vulnerability affects Intel Core and Xeon processors
- All Intel CPUS affected by Plundervolt:
A team of cybersecurity researchers demonstrated a new technique to steal encrypted data from Intel SGX, a hardware-isolated trusted space on all modern Intel CPUs that encrypts extremely sensitive data to protect it from attackers even when a system is compromised. The attack has been termed as Plundervolt, which alters the processor voltage for this purpose.
Plundervolt vulnerability affects Intel Core and Xeon processors
Dubbed Plundervolt and recognized as CVE-2019-11157, the attack is based on the fact that modern processors allow the frequency and voltage to be adjusted when necessary, which, according to the researchers, can be modified in a controlled way to induce errors in memory by inverting bits.
'Bit Flip' is a phenomenon widely known for the Rowhammer attack in which attackers hijack vulnerable memory cells by changing their value from 1 to 0, or vice versa, all by adjusting the electrical charge of neighboring memory cells. However, since the SGX (Software Guard Extensions) function memory is encrypted, the Plundervolt attack takes advantage of the same idea of flipping bits by injecting CPU flaws before they are written to memory.
To break critical data, Plundervolt relies on a second technique called CLKSCREW, an attack vector that exploits CPU power management to break hardware security mechanisms and take control of a target system.
As the researchers have shown in the videos (You can see two other examples here and here), by subtly increasing or decreasing the voltage delivered to a specific CPU, an attacker can trigger computational flaws in the encryption algorithms used by SGX enclaves, resulting in that allows attackers to easily decrypt SGX data.
Visit our guide on the best processors on the market
All Intel CPUS affected by Plundervolt:
- 6th, 7th, 8th, 9th and 10th generation Intel Core processors Intel Xeon E3 v5 and v6 processor Intel Xeon E-2100 and E-2200 processor families
For the complete list of affected products, you can consult the security notice INTEL-SA-00289.
A team of six European researchers from the University of Birmingham, Graz University of Technology and KU Leuven discovered the Plundervolt attack, which affects all SGX-enabled Intel Core processors, starting with the Skylake generation, and reported it privately. to Intel in June 2019.
Spoiler, the cpus intel core affected by a new vulnerability
The world of processors was shaken by the Specter and Meltdown vulnerabilities, which mainly affected Intel. Now comes SPOILER.
Intel xeon, intel cpus suffer a new vulnerability called netcat
Researchers at the University of Vrije revealed on Wednesday that Intel Xeon processors suffer from the NetCAT vulnerability.
Jcc erratum, new vulnerability of cpus intel affects performance
JCC Erratum, Intel has revealed 77 vulnerabilities ranging from processors to graphics and even ethernet controllers.