
Summary:

A new vulnerability has been discovered in the Intel SGX development kits, similar to the Spectre vulnerability that came out earlier; however, this attack can get into the SGX enclaves of a CPU and extract data. Enclaves are created by programs on physically segmented off parts of the CPU that are used by programs to work with high value information such as encryption keys, passwords, etc. This new attack allows someone to basically reach into these enclaves and extract information in them, posing a very large security risk.

 

Intel is said to be planning to release a patch for this on March 16th.

 

Quotes:

Quote

A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves.

Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX.

Quote

Academics say an attacker can leverage the repetitive code execution patterns that these SDKs introduce in SGX enclaves and watch for small variations of cache size. This is a classic "side-channel attack," and is quite effective.

"SgxPectre Attacks can completely compromise the confidentiality of SGX enclaves," researchers say. "because vulnerable code patterns exist [...] and are difficult to be eliminated, the adversary could perform SgxPectre Attacks against any enclave programs."

"Because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel's official SGX SDK will be impacted by the attacks. It doesn't matter how the enclave program is implemented," the research team says.

 

Thoughts:

I don't think this will bode well for Intel and hopefully they get a working and stable patch out ASAP and don't drop the ball on this like they did with Spectre and Meltdown a while back, and in some ways are still dropping the ball on those flaws. Having the ability to basically grab passwords and other sensitive data being used by other programs is definitely not good and I hope these SDKs can be quickly fixed without much impact to the user and definitely before attacks using this vulnerability are seen in the wild.

 

Link:

https://www.bleepingcomputer.com/news/security/sgxspectre-attack-can-extract-data-from-intel-sgx-enclaves/

http://web.cse.ohio-state.edu/~zhang.834/papers/SgxPectre.pdf

https://it.slashdot.org/story/18/03/10/0446211/sgxspectre-attack-can-extract-data-from-intel-sgx-enclaves

https://linustechtips.com/topic/904402-sgxspectre-attack-discovered/

Is this patch going to be for all operating systems?

 

In my family, most of our PC's are Intel-based but operating system varies between macOS, Windows 10, Windows 7, and Linux.


3 minutes ago, Crunchy Dragon said:

Is this patch going to be for all operating systems?

 

In my family, most of our PC's are Intel-based but operating system varies between macOS, Windows 10, Windows 7, and Linux.

That I'm not sure. The slashdot article (just added btw) mentions a patch coming but doesn't specify the impact.

I think since it's an SDK that it won't impact the CPU directly but the programs built off the SDK but I'm not sure what that would or wouldn't entail.


AyyMD


Just now, kelvinhall05 said:

AyyMD

 

5 minutes ago, Crunchy Dragon said:

Is this patch going to be for all operating systems?

 

In my family, most of our PC's are Intel-based but operating system varies between macOS, Windows 10, Windows 7, and Linux.

 

Did just update the original post, it doesn't seem to be chip specific per se but more the SDKs and their implementation of the SGX development kits. There are other kits, one from Google that I know of that isn't impacted by this.


2 hours ago, SC2Mitch said:

brb making a thread

Link me when you're done.


10 minutes ago, yian88 said:

I still think this entire Spectre Meltdown exploits drama is BS.

How can an "attacker" or "attack variant" (I assume a program) get access to a PC's CPU in the first place? That means the said PC/server has crappy firewalls and backend engineers in the first place.

If an attacker can get access to a machine with such hardware flaws, the hardware flaws are your last problem.

Unless it's a network chip flaw where the attacker can attack from outside the network I don't see any reason anyone should panic.

You're ignoring the obvious fact of user issues and that this isn't for mass infection. Social engineering is a huge issue these days and users who just don't care what they are doing or aren't aware of how to stop something like a social engineering attack easily compound the problem. This isn't about mass targeting of millions of people but specific targets selected by attackers who know what they are doing.

 

 

Edit:

One other thing is this isn't just a standalone program, Spectre, Meltdown, or the SGX variant can probably be coupled with some trojan or worm and start tearing through a network.


The more complex technology gets the more exploits you will find.  It's a law of numbers thing.   


5 hours ago, Lurick said:

You're ignoring the obvious fact of user issues and that this isn't for mass infection. Social engineering is a huge issue these days and users who just don't care what they are doing or aren't aware of how to stop something like a social engineering attack easily compound the problem. This isn't about mass targeting of millions of people but specific targets selected by attackers who know what they are doing.

 

 

Edit:

One other thing is this isn't just a standalone program, Spectre, Meltdown, or the SGX variant can probably be coupled with some trojan or worm and start tearing through a network.

And there are proof of concept attacks using JavaScript and if that becomes a real thing just going to a bad website is enough. For the most part Spectre attacks do require a bit of system prep/initialization to warm up the CPU caches and learn what's changing so JavaScript attacks might not be that bad, but you know how assumptions go.
