SGX, Intel’s Supposedly Impregnable Data Fortress, Has Been Breached Again

SGX, Intel's Supposedly Impregnable Data Fortress, Has Been Breached Again


Intel’s latest generation of processors contain a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company’s software protection extensions, the advanced feature that acts as a vault digital for the most sensitive secrets of security users.

Abbreviated as SGX, the protection is designed to provide a sort of fortress for the preservation of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top of it is maliciously compromised. SGX works by creating trusted runtime environments that protect sensitive code and the data it runs against from being monitored or tampered with by anything else on the system.

Cracks in Intel’s Fundamental Security

SGX is the cornerstone of the security guarantees that many companies provide to users. The servers used to handle contact discovery for Signal Messenger, for example, rely on SGX to ensure the anonymity of the process. Signal said running its advanced hashing scheme provides a “general recipe for performing private contact discovery in SGX without disclosing information to parties that control the machine, even if they were to attach physical hardware to the memory bus”.

The example is purely hypothetical. Signal spokesperson Jun Harada wrote in an email: “Intel has alerted us to this article…and we have been able to verify that the processors used by Signal are not affected by the findings of this article. and are therefore not vulnerable to the indicated attack. ”

Key to SGX’s guarantees of security and authenticity is its creation of so-called “enclaves,” or blocks of secure memory. The contents of the enclave are encrypted before leaving the processor and written to RAM. They are decrypted only after their return. SGX’s job is to protect the enclave’s memory and block access to its contents by anything other than the CPU’s trusted party.

Enter ÆPIC leak

Since 2018, researchers have uncovered at least seven serious security flaws in SGX, some of which have completely undermined the assurances Intel gives them. On Tuesday, a research paper publicly identified a new hole, which also completely breaks SGX warranties in most 10th, 11th, and 12th Gen Intel processors. The chipmaker said it released mitigations that prevent the researchers’ proof-of-concept exploit from working any longer.

A list indicating which Intel processors are vulnerable.
Enlarge / A list indicating which Intel processors are vulnerable.

Borello et al.

The vulnerability lies in APIC, short for Advanced Programmable Interrupt Controller. APIC is a mechanism built into many modern processors that manages and routes interrupts, which are signals generated by hardware or software that cause the processor to stop its current task so that it can process a higher priority event. The researchers who discovered the flaw named the vulnerability and their proof-of-concept exploit ÆPIC Leak.

A preview of the ÆPIC leak.
Enlarge / A preview of the ÆPIC leak.

Borello et al.

The bug that makes ÆPIC Leak possible is something called a read uninitialized memory, which occurs when memory space is not cleared after the processor has finished processing it, causing old data that is no longer needed to leak. Unlike previous CPU faults with names like Specter, Meltdown, Announceand RIDL/Fallout/ZombieLoad– which were the result of a transitory execution creating side channels which revealed private data – ÆPIC Leak is an architectural flaw that resides in the processor itself.

Leave a Comment