Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened

Published at: March 11, 2020

A vulnerability has reportedly been discovered in Intel’s Software Guard eXtensions (SGX) allowing passwords, encrypted keys, and other sensitive data to be siphoned from a computer’s memory.

On March 10, computer researcher Daniel Gruss uploaded a video to YouTube describing how the proof-of-concept attack, dubbed a “Load Value Injection [LVI],” can be used to steal sensitive data from Intel SGXs — including encrypted keys for cryptocurrency exchanges and wallets. 

The attack is significant as SGX processors are designed to provide secure storage sensitive stored within a computer's memory, even when in the presence of a malicious operating system.

LVI discloses cryptocurrency keys from Intel SGX

The LVI works by getting a vulnerable system to run a script that could be hosted on a malicious website or application to launch a side-channel attack targeting the SGX. Once compromised, the attacker can access encrypted keys stored within the SGX. Gruss states:

“In a meltdown-type attack, the attacker deliberately tries to load secret data — causing the processor to cancel and reissue the load. The canceled load keeps on running for a short time — long enough for an attacker to perform operations on the secret data.” 

LVI attacks were first discovered by Jo Van Bulk during April 2019. He published an academic paper detailing the attack on March 10, which included contributions from Daniel Gruss and eight other researchers.

Attacks are not expected to target consumer computers

The paper describes LVI attacks as a reverse Meltdown attack, with the researchers noting that while LVI primarily targets Intel CPUs, other chips that are vulnerable to Meltdown are also susceptible to it.

However, the researchers conclude that it is unlikely that LVI attacks will be used to exploit consumer machines, citing the extreme difficulty of carrying out LVI, and the prevalence of easier means with which to compromise consumer-grade computer systems. 

The attack must also be carried out at the time that the malicious code is executed, further reducing the likelihood that the LVI exploit will be used to target consumer machines.

Intel publishes list of vulnerable processors

In response to the paper, Intel has published a list compiling all of its processors that are vulnerable to LVI, noting that all Intel chips with hardware fixed for Meltdown are not at risk. Intel stated:

“Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted.”

Tags
Related Posts
Report: Blockchain-related hacks have declined in 2020
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims. According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28. According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31. Per the report, 2019 as …
Technology / Nov. 2, 2020
Someone Has Been on a $200M Crypto Exchange Hacking Spree
A cybercriminal group has allegedly stolen around $200 million from cryptocurrency exchanges over the past two years. In total, they are believed to have hit 10 - 20 victims across the United States, the Middle East, and Asia. According to research by the cybersecurity firm ClearSky, the gang named “CryptoCore,” known with other pseudonyms like “Dangerous Password” and “Leery Turtle,” has been actively targeting crypto firms since 2018 — specifically exchanges. Source: ClearSky They confirmed that CryptoCore stole $200 million from at least five victims, several of whom were located in Japan. Between 10-20 additional companies could be affected The …
Technology / June 24, 2020
Robotics Company Falls Prey to Ransomware Attack
Ransomware gang REvil, known for launching stolen data auctions on the dark web, is now leaking sensitive documents stolen from a US-based robotics company. According to an official blog post from REvil on June 11, the team has started leaking confidential data belonging to Symbotic LLC. The post noted: “You do not want to speak with us and you probably think that we will not publish your data. We are already publishing.” The cybercriminal group stated that they’d created a website and paid for the hosting for a year. They threatened to make the robotics company’s data visible for “a …
Technology / June 12, 2020
Aviation Database Struck By Unknown Ransomware Gang
Smartwatch maker and data-syncing service provider, Garmin, was the subject of a ransomware attack that took down several of its services on July 23, which managed to encrypt its internal network. According to a series of tweets published by the company, the Garmin Connect website and mobile app were affected by the hackers, plus the call centers and every customer support resources like replying emails, online chats, and handling calls. However, the nature of the attack was unveiled by ZDNet, who also stated that the cybercriminals also targeted flyGarmin, the company’s service that supports its line of aviation navigational equipment. …
Technology / July 25, 2020
Coin Bureau Youtube channel hacked despite 2FA protection
Coin Bureau, a popular information portal for cryptocurrency developments with over 600,000 followers on Twitter, experienced a security breach on its Youtube channel on Monday. Hackers allegedly uploaded a video with links to scam fiat/cryptocurrency addresses soliciting a token sale before being taken down by Youtube. According to Coin Bureau staff, they were baffled by the incident as its accounts were "secured with ultra-strong passwords and Google security keys." So our YouTube channel was just hacked. Have absolutely no idea how this happened. All accounts are secured with ultra strong passwords and Google security keys. @YouTubeCreators this is a serious …
Technology / Jan. 24, 2022