A vulnerability has reportedly been discovered in Intel’s Software Guard eXtensions (SGX) allowing passwords, encrypted keys, and other sensitive data to be siphoned from a computer’s memory.
On March 10, Daniel Gruss, a computer researcher, reportedly uploaded a video to YouTube describing how the proof-of-concept attack, dubbed “Load Value Injection” (LVI), can be used to steal sensitive data from Intel SGX, including encrypted keys for cryptocurrency exchanges and wallets.
The attack is significant because SGX-enabled processors are designed to provide secure storage for sensitive data held in a computer’s memory, even in the presence of a malicious operating system.
LVI works by getting a vulnerable system to run a script, which could be hosted on a malicious website or application, that launches a side-channel attack targeting SGX. Once the system is compromised, the attacker can access encrypted keys stored within SGX.
“In a meltdown-type attack, the attacker deliberately tries to load secret data — causing the processor to cancel and reissue the load. The canceled load keeps on running for a short time — long enough for an attacker to perform operations on the secret data.”
LVI attacks were reportedly first discovered by Jo Van Bulck in April 2019. He published an academic paper detailing the attack on March 10, which included contributions from Daniel Gruss and eight other researchers.
The paper describes LVI as a reverse Meltdown attack, with the researchers noting that while LVI primarily targets Intel CPUs, other chips that are vulnerable to Meltdown are also susceptible to it.
The researchers conclude that it is unlikely that LVI attacks will be used to exploit consumer machines, citing the extreme difficulty of carrying out LVI, and the prevalence of easier means with which to compromise consumer-grade computer systems.
The attack must also be carried out at the time that the malicious code is executed, further reducing the likelihood that the LVI exploit will be used to target consumer machines.
In response to the paper, Intel has published a list of all of its processors that are vulnerable to LVI, noting that all Intel chips with hardware fixes for Meltdown are not at risk.
Intel stated:
“Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted.”