Schwarz says his malware does not exploit any vulnerability in SGX. Rather it takes advantage of the fact that Intel considers software-based side-channel attacks on SGX as not possible and therefore out of scope. Side channel attacks gather and use information about some aspect of a system's physical operation to attack and expose sensitive data.
SGX is a security mechanism that Intel introduced with its Skylake processor architecture. It is designed to protect code and data from leaks and disclosure. As Schwarz notes in a technical paper, SGX uses secure enclaves working in hardware-isolated memory areas to protect application secrets from hardware attacks. Such enclaves can be used to securely store hardware-encrypted passwords, password managers, cryptographic keys, bitcoin wallets, and other secrets.
The exploit against SGX itself is harder to mount than a regular zero-day exploit, Schwarz concedes. But for someone with a background in micro-architectural attacks, it is perfectly doable
https://www.darkreading.com/vulnerabilities---threats/intel-sgx-can-be-used-to-hide-execute-malware/d/d-id/1331211?
No comments:
Post a Comment