SGX, Intel’s supposedly impregnable data fortress, has been breached again

Written by admin



Intel’s latest CPU generations contain a vulnerability that allows attackers to obtain encryption keys and other sensitive information protected by the company’s Software Guard Extensions, the advanced capability that acts as a digital vault for securing users’ most sensitive secrets.

The protection, abbreviated as SGX, aims to provide a kind of fortress for safely storing encryption keys and other sensitive data, even if the operating system or a virtual machine running on it is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works on from being monitored or tampered with by anything else in the system.

Cracks in Intel’s core security

SGX is a cornerstone of the security guarantees that many companies offer their users. For example, the servers used for contact discovery by Signal Messenger rely on SGX to keep the process private. Signal says that running its hashing scheme inside SGX provides a “general recipe for discovering private contacts in SGX without disclosing information to parties in control of the machine, even if they attached physical hardware to the memory bus”.

The Signal example is hypothetical, though. Signal spokesman Jun Harada wrote in an email: “Intel brought this paper to our attention… and we were able to verify that the CPUs used by Signal are not affected by the findings of this paper and are therefore not vulnerable to the stated attack.”

Key to SGX’s confidentiality and integrity guarantees is the creation of so-called “enclaves”, protected regions of memory reserved for trusted code and data. Enclave contents are encrypted before they leave the processor and are written to RAM, and are decrypted only when they return to the CPU. SGX’s job is to protect enclave memory and to block access to its contents by anything other than the trusted part of the CPU.

Enter ÆPIC Leak

Since 2018, researchers have uncovered at least seven serious vulnerabilities in SGX, some of which have completely undermined the assurances Intel has made about it. On Tuesday, a research paper publicly disclosed a new vulnerability that likewise completely breaks the SGX guarantees on most 10th, 11th and 12th Gen Intel CPUs. The chipmaker said it has released mitigations that stop the researchers’ proof-of-concept exploit from working. The researchers will present their findings on Wednesday at the Black Hat security conference in Las Vegas.

[Figure: A list showing which Intel CPUs are vulnerable. Source: Borrello et al.]

The vulnerability lies in the APIC, short for Advanced Programmable Interrupt Controller. The APIC is a mechanism built into modern x86 CPUs that manages and routes interrupts, the hardware- or software-generated signals that make the CPU suspend its current task so it can service a higher-priority event. The researchers who discovered the flaw dubbed the vulnerability and its proof-of-concept exploit ÆPIC Leak.

[Figure: An overview of ÆPIC Leak. Source: Borrello et al.]

The bug that makes ÆPIC Leak possible is a so-called uninitialized memory read: memory that the CPU has finished using is not cleared before it can be read again, so stale data that is no longer needed can leak. Unlike previous CPU flaws such as Spectre, Meltdown, Foreshadow and RIDL/Fallout/ZombieLoad, which were transient-execution attacks that recovered private data through side channels, ÆPIC Leak is an architectural bug that resides in the CPU itself: the stale data is handed back directly by an ordinary read of the APIC’s memory-mapped register page, so no noisy side channel is needed.
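To make the bug class concrete, here is an added illustration that is not code from the paper, from Intel or from Signal: a deliberately simplified C model of a memory-mapped register page in which each 16-byte line holds one defined 32-bit register and 12 reserved bytes. In the vulnerable model the reserved bytes are served from a shared internal buffer that nothing clears (a constructed stand-in for the CPU’s internal buffers, not a model of the real microarchitecture), so an attacker recovers whatever an enclave last moved through that buffer with a plain read. Beside it is the fixed behaviour, in which reserved bytes are defined to read as zero. The page layout, the secret value and every function name are constructed for the example.

```c
/* Toy model of an uninitialized-memory-read bug in a memory-mapped
 * register page (constructed example; not the real APIC or CPU logic). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define LINE      16                 /* one register per 16-byte line */
#define NREGS     (PAGE_SIZE / LINE)

/* Architecturally defined register values: bytes 0..3 of each line. */
static uint32_t regs[NREGS];

/* Shared internal buffer that the last data transfer passed through.
 * The vulnerable design never clears it between uses. */
static uint8_t shared_buf[LINE];

/* "Enclave" side: moving secret data through the core leaves a copy in
 * the shared buffer (constructed stand-in for a cache-line fill). */
static void enclave_touch_secret(const uint8_t *secret, size_t len) {
    size_t n = len < LINE ? len : LINE;
    memcpy(shared_buf, secret, n);
}

/* Read one byte of the register page at 'offset'.
 * vulnerable=1: reserved bytes 4..15 return stale shared_buf contents.
 * vulnerable=0: reserved bytes are defined to read as zero. */
static uint8_t page_read_byte(unsigned offset, int vulnerable) {
    unsigned line = offset / LINE, within = offset % LINE;
    if (within < 4)                          /* defined register bytes */
        return (uint8_t)(regs[line] >> (8 * within));
    if (vulnerable)                          /* uninitialized read */
        return shared_buf[within];
    return 0;                                /* fixed: reserved reads as 0 */
}

/* Attacker side: read the 12 reserved bytes of one line with ordinary
 * loads. Returns the number of bytes copied into 'out'. */
static size_t leak_line(unsigned line, int vulnerable,
                        uint8_t *out, size_t outlen) {
    size_t n = 0;
    for (unsigned b = 4; b < LINE && n < outlen; b++)
        out[n++] = page_read_byte(line * LINE + b, vulnerable);
    return n;
}

/* Full scenario: enclave moves a secret, attacker reads reserved bytes of
 * line 0.  Returns 1 if the reserved-byte window of the secret was
 * recovered, 0 otherwise. */
static int attacker_recovers_secret(int vulnerable) {
    static const uint8_t secret[LINE] = "AES-KEY-01234567"; /* constructed */
    uint8_t got[LINE - 4];
    regs[0] = 0x000000ffu;           /* an unrelated, defined register value */
    enclave_touch_secret(secret, LINE);
    leak_line(0, vulnerable, got, sizeof got);
    return memcmp(got, secret + 4, sizeof got) == 0;
}

int main(void) {
    uint8_t got[LINE - 4];
    static const uint8_t secret[LINE] = "AES-KEY-01234567"; /* constructed */
    enclave_touch_secret(secret, LINE);
    for (int v = 1; v >= 0; v--) {
        size_t n = leak_line(0, v, got, sizeof got);
        printf("%s model, reserved bytes of line 0: ",
               v ? "vulnerable" : "fixed");
        for (size_t i = 0; i < n; i++) printf("%02x ", got[i]);
        printf("\n");
    }
    return 0;
}
```

The point of the contrast is that the leak path in the vulnerable model is a plain read with a deterministic result; nothing has to be timed or inferred, which is what separates an architectural bug like this from the transient-execution side channels named above. Hardware cannot be patched this way, which is why the real fix is a microcode update rather than a code change.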
