Hackers can plunder crypto keys even from the ultrasecure SGX chip because of the two new flaws of the Intel chip which are claimed to go deeper and are harder to fix.
According to Ars Technica's latest report, modern CPUs--especially those made by Intel--can be breached by highly skilled attackers and steal the passwords in the process since the computers have been under siege by an unending series of attacks for the last two years.
Also Read: [HACKERS] 50,000 Computers Infected by Fake Recovery Tool 'Stop DJVU Ransomware'; Honda Operations Attacked by Ransomware
To address this issue, the Intel-designed protection called SGX will provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data, even if a virtual machine running on the top of the operating system is badly compromised. SGX works by developing trusted execution environments that will protect its data and other sensitive code it works with from tampering or monitoring by anything else in the system.
Also read: [HACKERS] New Phishing Scam Uses Resume and Medical Leave Emails to Hide COVID-19 Malware
The creating of enclaves, or blocks of security memory, is the key to the authenticity and security assurances of SGX. Before enclaves are written in the RAM, its contents are first encrypted before they leave the processor which are only decrypted once they return. Blocking access by anything other than the trusted part of the CPU is the main job of SGX to safeguard the enclave memory.
Intel new chip flaws lead to plundering crypto keys from its ultrasecure SGX
According to Ars Technica, the cyberattack that was discovered on Tuesday, June 9, was not the first instance of breaching Intel's SGX. After building an attack known as Meltdown which ushered in the flurry of processor exploits along with a similar attack known as Spectre, the team of researchers broke into the fortified Intel region in 2018. Another team of researchers breached SGX earlier this year.
Intel introduced microcode updates to mitigate the earlier SGX vulnerability. However, the microcode updates did not last since two new flaws of Intel were discovered, attacking its SGX chips sending Intel scrambling anew to develop new defenses. New updates were released by Intel on Tuesday, June 9, and the public can expect them to be available within the coming weeks.
The new security defenses will either be installed automatically or will require manual intervention depending on the type of computer. It was stated that Intel users, especially those who rely on SGX, should ensure that the update is installed as soon as possible by checking with the manufacturer of their devices.
The new Intel chip flaws that can attack SGX are called CrossTalk and SGAxe. Using separate side-channel attacks, a type of hack that infers sensitive data by measuring power consumption, timing difference, sound, electromagnetic radiation, or other information from the systems it is stored in, it allows the two new flaws to breach the fortified CPU region of SGX.