New Variant of Spectre Vulnerability Exploits Intel’s SGX

vulnerabilities in binaryWhile Intel has been handling public criticism following the recent discovery of major security flaws in its chipsets, another vulnerability has just been exposed in a paper published by a team of Ohio State University researchers.

When older generation Intel chips were found to have the Spectre vulnerability, which was first discovered in January, it was stated that it was a design flaw and that the company is working on solving the issue with a new production round.

But if one goes by this recent Ohio State University report, it appears the new processors from Intel are also not secure enough as far as the users are concerned.

Isolated Enclaves are the Affected Areas

What has been revealed by the Ohio State University researchers concerns a specific provision in the Intel processor named Software Guard Extension (SGX).

Ironically, this extension has been enabled in the processor as a security measure, and an enclave is created so that sensitive data and codes can be stored inside that enclave and can remain in isolation.

After detecting the vulnerability, the researchers dubbed it “SGXPectre.” The flaw is a new variant of the Spectre vulnerability that was first revealed by cybersecurity professionals a few months ago.

Complete Technical Details Explained

vulnerabilities management

Researchers have provided info about the new Intel SGX vulnerability

Since this new Intel SGX vulnerability has been brought to light by the Ohio State University researchers, it is essential to understand the full scope and extent of the flaw and its implications.

Fortunately, the researchers have provided the technical details in a comprehensive paper. They also published an accompanying video to help further explain the vulnerability.

According to them, the Intel SGX development kits that are affected by the vulnerability are Graphene-SGX, SGX SDK and Rust-SGX.

Once the Spectre variant vulnerability exploiters make an entry, they can obtain the codes and data held on the network/system. So, the facility that enables developers to work on applications and create codes within a private enclave has offered the hackers a way to perpetrate their attacks and steal data.

Intel Takes Note and Says It Has the Fix

Intel has since reacted to this exposure by acknowledging the Intel SGX vulnerability. They have also said that they’re already in the process of rolling out updates to fix the Spectre and Meltdown vulnerabilities that were exposed earlier this year. The company is continuously releasing new patches for several products.

At the same time, they’re launching efforts to patch the latest bug with regard to the SGX-related vulnerability.

According to Intel, the updates to take care of all these bugs will be made available to the public at large and to the device manufacturers on March 16.

Steps Going Forward

If you are a device manufacturer, you probably have already been contacted by the Intel team to receive a notice of the necessary solutions before you ship out new devices.

If you have purchased a device with the latest batch of Intel processors and you are concerned about this SGXPectre vulnerability, then you will have to wait until mid-March for Intel to release the complete update as planned.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.