Discovery casts dark shadow on computer security

Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel processors’ secure enclaves to access memory and data.

The vulnerability affects Intel’s Software Guard Extension (SGX) technology, a new feature in modern Intel CPUs that allows computers to protect users’ data in a secure ‘fortress’ even if the entire system falls under an attacker’s control.

The two teams that independently and concurrently discovered Foreshadow have published a report on the vulnerability, which causes the complete collapse of the SGX ecosystem and compromises users’ data.

“SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication, or to prevent content being downloaded from video streaming services,” Dr Yuval Yarom from CSIRO’s Data61 and the University of Adelaide’s School of Computer Science said. “Foreshadow compromises the confidentiality of the ‘fortresses’, where this sensitive information is stored, and once a single fortress is breached, the whole system becomes vulnerable.”

The researchers reported these findings to Intel earlier this year, and the company’s own analysis into the causes of the vulnerability led to the discovery of a new variant of Foreshadow, called Foreshadow-NG, which affects nearly all Intel servers used in cloud computing.

Foreshadow-NG is theoretically capable of bypassing the earlier fixes introduced to mitigate against Meltdown and Spectre, potentially re-exposing millions of computers globally to attacks.

“The SGX feature is widely used by developers and businesses globally, and this opens them up to a data breach that can potentially affect their customers as well,” said Dr Yarom. “Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow.

“Intel’s discovery of the Foreshadow-NG variant is even more severe but will require further research to gauge the full impact of the vulnerability.”

Intel has since released patches, updates and guidelines to resolve both Foreshadow and Foreshadow-NG. Researchers have not yet tested if similar flaws exist in processors of other manufacturers.

Adrian Turner, CEO of CSIRO’s Data61, said this is a significant discovery that shows the far-reaching impact of Meltdown and Spectre and reinforces the role of research for discovering and preventing flaws.

“Experts like Dr Yarom play a vital role in finding vulnerabilities, responsibly disclosing them and developing trustworthy systems to keep critical infrastructure secure,” said Turner. “Data61 has also joined the RISC-V Foundation’s security task group which aims to prevent the likes of Meltdown and Spectre from occurring again.”

The two teams that discovered Foreshadow include: Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven); Marina Minkin, Mark Silberstein (Technion); Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F Wenisch (University of Michigan); Yuval Yarom (CSIRO’s Data61 and University of Adelaide).

For more information, visit: https://foreshadowattack.com.

Image: ©stock.adobe.com/au/agsandrew