Processors

Plundervolt, new vulnerability in cpus intel that alters its voltages

2024
Plundervolt, new vulnerability in cpus intel that alters its voltages

Table of contents:

Anonim

A team of cybersecurity researchers demonstrated a new technique to steal encrypted data from Intel SGX, a hardware-isolated trusted space on all modern Intel CPUs that encrypts extremely sensitive data to protect it from attackers even when a system is compromised. The attack has been termed as Plundervolt, which alters the processor voltage for this purpose.

Plundervolt vulnerability affects Intel Core and Xeon processors

Dubbed Plundervolt and recognized as CVE-2019-11157, the attack is based on the fact that modern processors allow the frequency and voltage to be adjusted when necessary, which, according to the researchers, can be modified in a controlled way to induce errors in memory by inverting bits.

'Bit Flip' is a phenomenon widely known for the Rowhammer attack in which attackers hijack vulnerable memory cells by changing their value from 1 to 0, or vice versa, all by adjusting the electrical charge of neighboring memory cells. However, since the SGX (Software Guard Extensions) function memory is encrypted, the Plundervolt attack takes advantage of the same idea of ​​flipping bits by injecting CPU flaws before they are written to memory.

To break critical data, Plundervolt relies on a second technique called CLKSCREW, an attack vector that exploits CPU power management to break hardware security mechanisms and take control of a target system.

As the researchers have shown in the videos (You can see two other examples here and here), by subtly increasing or decreasing the voltage delivered to a specific CPU, an attacker can trigger computational flaws in the encryption algorithms used by SGX enclaves, resulting in that allows attackers to easily decrypt SGX data.

Visit our guide on the best processors on the market

All Intel CPUS affected by Plundervolt:

  • 6th, 7th, 8th, 9th and 10th generation Intel Core processors Intel Xeon E3 v5 and v6 processor Intel Xeon E-2100 and E-2200 processor families

For the complete list of affected products, you can consult the security notice INTEL-SA-00289.

A team of six European researchers from the University of Birmingham, Graz University of Technology and KU Leuven discovered the Plundervolt attack, which affects all SGX-enabled Intel Core processors, starting with the Skylake generation, and reported it privately. to Intel in June 2019.

Thehackernews font

Spoiler, the cpus intel core affected by a new vulnerability

Spoiler, the cpus intel core affected by a new vulnerability

The world of processors was shaken by the Specter and Meltdown vulnerabilities, which mainly affected Intel. Now comes SPOILER.

Intel xeon, intel cpus suffer a new vulnerability called netcat

Intel xeon, intel cpus suffer a new vulnerability called netcat

Researchers at the University of Vrije revealed on Wednesday that Intel Xeon processors suffer from the NetCAT vulnerability.

Jcc erratum, new vulnerability of cpus intel affects performance

Jcc erratum, new vulnerability of cpus intel affects performance

JCC Erratum, Intel has revealed 77 vulnerabilities ranging from processors to graphics and even ethernet controllers.

Processors

Editor's choice

Is HTC losing interest in Windows Phone?

Is HTC losing interest in Windows Phone?

2024
Samsung Ativ Q

Samsung Ativ Q

2024
Images of what could be the new Nokia Lumia EOS

Images of what could be the new Nokia Lumia EOS

2024
Build 2013 devices: waiting for manufacturers

Build 2013 devices: waiting for manufacturers

2024
Back to top button