When thieves want to steal treasures surrounded by sensors and alarms, they sometimes resort to cutting the power, disrupting the flow of electricity to those expensive security systems. It turns out that hackers can pull off a similar trick: breaking the security mechanisms of Intel chips by messing with their power supply, and exposing their most sensitive secrets.
Two teams of researchers—one at the University of Birmingham in the U.K., TU Graz in Vienna, KU Leuven in Belgium, and another at the Technische Universität Darmstadt in Germany and the University of California—have found a new technique that can allow hackers to fiddle with the voltage of Intel chips to cause them to leak information stored using Intel's Secure Guard Extensions feature. Those "secure enclaves" in a device's memory are designed to be impregnable. Intel, which asked the teams to keep their findings under wraps for the last six months, confirmed the findings and pushed out an update to its chip firmware to prevent the attack today.
The technique, which one of the two teams calls Plundervolt, involves planting malicious software on a target computer that temporarily reduces the voltage of the electricity flowing to an Intel chip. That drop in voltage, known as "undervolting," typically allows legitimate users to save power when they don't need maximum performance. (By that same token, you can use the voltage-variance feature to "overclock" a processor for more intensive tasks.) But by momentarily undervolting a processor by 25 or 30 percent, and precisely timing that voltage change, an attacker can cause the chip to make errors in the midst of computations that use secret data. And those errors can reveal information as sensitive as a cryptographic key or biometric data stored in the SGX enclave.
View Full Article