Researchers develop 'SgxPectre' security exploit that can crack Intel's SGX secure environment

Intel security feature cracked wide open by university researchers exploiting Spectre CPU security flaw

Researchers at Ohio State University claim to have found a way to use the Spectre vulnerability to break into a security feature of Intel's CPUs, called SGX secure environment, and steal data in the process.

SGX, which stands for Software Guard eXtensions, is a relatively new feature, dating back just four years.

Intel introduced it as a mechanism that lets applications mark off sections of memory and block the operating system, or other programs such as a hypervisor, from accessing them.

These cordoned areas, called enclaves, are used to run operations such as DRM code without allowing anyone or anything, even privileged malware, to spy on the decryption keys. It can also allow sensitive code to be run on an otherwise untrusted or unsecured machine.

The researchers noted that because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel's official SGX SDK will be impacted by the attacks. It doesn't matter how the enclave program is implemented.

Dubbing it SgxPectre, the researchers said the flaw is like Spectre and Meltdown in that it allows malicious code to access and read the memory. It's not quite as scary, though, as it requires direct access to the computer to be implemented.

To make people aware of the issue, the researchers posted a how-to video with sample code on GitHub, which states: "Similar to their non-SGX counterparts, SgxPectre attacks exploit the race condition between the injected, speculatively executed memory references and the latency of the branch resolution."

The team also published a formal paper outlining how a malicious program can take advantage of the CPU's branch predictor so that when the processor is executing SGX enclave code, the contents of the secure environment's private memory and CPU registers can be observed via slight changes to the state of the cache.

Intel said it is aware of the research paper and has provided information and guidance online about how Intel SGX may be impacted by the side channel analysis vulnerabilities.

The chip firm also said it is preparing a fix for release next week via a software update which it promises will not affect the performance of the systems like its Meltdown-mitigating firmware did.

"We anticipate that the existing mitigations for Spectre and Meltdown, in conjunction with an updated software development toolkit for SGX application providers — which we plan to make available on March 16 — should be effective against the methods described in that research," the chip giant said.

"We recommend customers make sure they are always using the most recent version of the toolkit."