Researchers at the University of Birmingham say that they have identified a weakness in Intel’s processors: by undervolting the CPU, Intel’s secure enclave technology reportedly becomes vulnerable to attack.
"Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed – known as ‘undervolting’ or ‘overvolting’. This is done through privileged software interfaces, such as a “model-specific register” in Intel Core processors," says the University of Birmingham.
In a project called Plundervolt, an international team of researchers from the University of Birmingham’s School of Computer Science, along with researchers from imec-DistriNet (KU Leuven) and Graz University of Technology, have been investigating how the interfaces can be exploited in Intel Core processors to undermine the system’s security.
New results, released and accepted to IEEE Security & Privacy 2020, show how the team reportedly was able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations – a method used to shield sensitive computations for example from malware. This means that even Intel SGX's memory encryption and authentication technology cannot protect against Plundervolt, notes the University of Birmingham.
Intel has responded to the security threat by supplying a microcode update to mitigate Plundervolt.
David Oswald, Senior Lecturer in Computer Security at the University of Birmingham, says: “To our knowledge, the weakness we’ve uncovered will only affect the security of SGX enclaves. Intel responded swiftly to the threat and users can protect their SGX enclaves by downloading Intel’s update.”
The work was funded by the Engineering and Physical Sciences Research Council (EPSRC) and by the European Union’s Horizon 2020 research and innovation program.