Another Intel Speculative Execution Vulnerability
Remember Spectre and Meltdown? Back in early 2018, I wrote:
Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they—and the research into the Intel ME vulnerability—have shown researchers where to look, more is coming—and what they’ll find will be worse than either Spectre or Meltdown. There will be vulnerabilities that will allow attackers to manipulate or delete data across processes, potentially fatal in the computers controlling our cars or implanted medical devices. These will be similarly impossible to fix, and the only strategy will be to throw our devices away and buy new ones.
That has turned out to be true. Here’s a new vulnerability:
On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.
[…]
The new SGX attacks are known as SGAxe and CrossTalk. Both break into the fortified CPU region using separate side-channel attacks, a class of hack that infers sensitive data by measuring timing differences, power consumption, electromagnetic radiation, sound, or other information from the systems that store it. The assumptions for both attacks are roughly the same. An attacker has already broken the security of the target machine through a software exploit or a malicious virtual machine that compromises the integrity of the system. While that’s a tall bar, it’s precisely the scenario that SGX is supposed to defend against.
Another news article.
metaschima • June 11, 2020 7:22 AM
I was thinking about this recently also and it totally makes sense. It’s only a matter of time before even worse hardware vulnerabilities are discovered. Why? Well, because this level of security was not a priority in the past. Performance is the main goal of processors and thus processor design. Only relatively recently in processor development has there been increased focus on security, but it’s too late. They have ignored so much over the years that there are likely hundreds of critical vulnerabilities that haven’t been discovered yet. I’m thinking a total design overhaul is needed. Design a secure processor from the ground up.