Listen Audio Version

Researchers Break Intel SGX with $30 VoltPillager Tool

Intel Software Guard Extensions (SGX), a set of codes aimed to protect user data and operating system code from ineligible privilege groups (called enclaves), has been broken by a $30 CPU voltage control tool named VoltPillager – developed by the University of Birmingham researchers.

In 2019, the Plundervolt attack (CVE-2019-11157) controlled the voltage of Intel SGX processors during the execution of enclave computations, to corrupt their software integrity. This software undervolting resulted in the extraction of protected data, due to faults that could be induced manually. Intel then fixed this vulnerability via BIOS and microcode updates.

On November 13, 2020, the research team made its Github repository public, after successfully creating VoltPillager – a device that can maneuver around Intel’s fix, to compromise SGX processors, with physical access to the hardware.

VoltPillager targets the voltage regulator chip responsible for the CPU voltage, by connecting to its unprotected interface. This separated chip can then be exploited as required, to cause more damage than Plundervolt.

The possibility of SGX processors getting exploited by parties having physical access to the computer hardware leads one to question – “Perhaps it might now be time to rethink the threat model of SGX. Can it really protect against malicious insiders or cloud providers?” – as stated by Zitai Chen, a PhD student in Computer Security at the University of Birmingham.

You might like to read:

Funded by the Engineering and Physical Sciences Research Council (EPSRC), the European Union’s Horizon 2020 research and innovation program, and by the Paul and Yuanbi Ramsay Endowment Fund, this research will be presented at the Usenix Security 2021 conference.

Similar Posts