CrossTalk: Intel’s next flaw


Intel processors are vulnerable to another set of major security threats, security experts at two research teams disclosed earlier this week. The exploits go after Intel’s Software Guard eXtensions (SGX), a set of instructions designed to protect important apps and data.

The chipmaker created SGX to keep sensitive data, like passwords, guarded within blocks of secured memory called enclaves. Anything stored within an enclave is encrypted when it leaves the processor and goes to RAM, and is decrypted when it returns.

There are two newly discovered attacks capable of breaking into the SGX-secured region of a processor: SGAxe and CrossTalk.

These types of attacks are similar to the devastating Meltdown and Spectre attacks that crippled hundreds of thousands of systems that rely on Intel CPUs. Intel said it released fixes and patches for some of the flaws but other issues remain.

SGAxe and CrossTalk vulnerabilities
One of two vulnerabilities discovered in Intel processors, SGAxe can steal legitimate SGX keys from an enclave and pose as a system to gain access to sensitive information. This could have a devastating effect if the malicious system can convince a server that it is a genuine Intel CPU.

“With the machine’s production attestation keys compromised, any secrets provided by [the] server are immediately readable by the client’s untrusted host application while all outputs allegedly produced by enclaves running on the client cannot be trusted for correctness,” wrote the researchers at the University of Michigan and the University of Adelaide in Australia who discovered the flaw.

SGAxe is a variant of a vulnerability discovered by the same team in January. Intel patched its chips with a temporary fix, only for the attack, called CacheOut, to bypass it. When SGAxe works alongside CacheOut, the duo can decrypt and extract sensitive data stored in memory.

The other flaw, CrossTalk, was discovered by researchers at Vrije University in Amsterdam and ETH Zurich. It lets malicious code on one CPU core leak sensitive data from software running on a different core. A so-called MDS attack, CrossTalk targets data while it’s in a transient state and being processed by the CPU.

Intel released firmware updates earlier this week to mitigate the problem. It says it hasn’t found evidence of CrossTalk being used in the wild.
