New Intel chip flaw “Foreshadow” attacks SGX technology to extract sensitive data

Security fraternity is still dealing with the adverse consequences and versatile range of threats caused by the Spectre and Meltdown vulnerabilities. But, to add to their misery, there is another possibly worst hardware flaw detected by security researchers in Intel chips. This flaw, dubbed as Foreshadow, can obtain information even from the most secured components of the CPU. The flaw is identified by security experts from five different, credible institutions.

Foreshadow is quite similar to the Spectre vulnerability; it can be detrimental to the SGX (Software Guard Extensions) elements of the Intel chips. It must be noted that SGX is amongst the most secure elements of Intel chips that lets programs set up enclaves, which are the processor’s protected areas. These areas are responsible for handling sensitive data and are restricted just like the sandbox. This means a code cannot be executed from within them. When malware or virus infects the device, the data present in these enclaves remains protected. Foreshadow can bypass the security of these enclaves.

There are two versions of Foreshadow; one is the original attack  that can extract data from the enclaves. The other is called Foreshadow NG (Next Generation) , which can extract information from the L1 cache. It can potentially affect virtual machines, OS kernel memory, hypervisors, and system management mode memory. In fact, it has the capability of threatening the overall infrastructure of the Cloud platform.

According to Yuval Yarom, microarchitecture security researcher, there are some surprising aspects of this discovery such as it can obtain extensive information from SGX. SGX technology, found in Skylake and Kaby Lake processors from Intel, stores critically sensitive data including credit card information or social security number. Speculative Execution is the process that breaks down this information. It is basically a performance-boosting feature that is present in a majority of computer chips. But, if it gets engineered through malware, it is easily possible to extract sensitive data from the securest components of the PC.

SGX technology is installed in Intel chips to prevent speculative execution led attacks. But, researchers claim that by creating a “shadow copy” of any SGX enclave at an unprotected location of the CPU can lead to bypassing the security features. This would allow an attacker to read protected data and all protective measures will become useless.

However, accomplishing this feat isn’t too easy as was the case with other hardware flaws like Spectre and Meltdown. So far, security researchers haven’t identified any attacks that exploit these flaws or even the newly identified Foreshadow. Since it isn’t an easy exploit to carry out, so, hackers would most likely want to stick to other, easy-to-achieve hacking methods like email phishing.

Yet, Foreshadow is a concerning flaw because it can be leveraged to target data centers and compromise the security mechanisms implemented between two or more virtual machines.  Cloud service can also be exploited to read memory from different users hosted on a single server.

The good news is that on Tuesday Intel will be releasing new patches to address Foreshadow vulnerability and Microsoft also will be releasing fixes. The new fixes will work with previously released updates for Spectre and Meltdown flaws.

According to Jeff Ready, CEO of Scale Computing  “The design flaw in Intel chips have left windows and Linux systems vulnerable. Any device or services connected to the chips is essentially left at risk – especially after the latest flaw that was revealed – Foreshadow. The main focus is working in real time to identify the issues and look at what needs to be patched. Performance impacts will be seen across the industry.”

Systems that utilize software-defined storage via a mid-layer filesystem will likely experience the most impact. Many software-defined storage solutions, which use a mid-layer filesystem will likely have a much larger performance impact as a result of these fixes. After the patches and fixes roll out, we will be able to see the true extent of the impact.”

Related Posts