Plundervolt exposes vulnerability in security technology of Intel processors

Computer scientists from imec-DistriNet (KU Leuven), the University of Birmingham, and TU Graz have shown that the ability to adjust the operating voltage of Intel processors makes them vulnerable to attack.

Modern processors are being pushed to perform faster than ever before, and with this come increases in heat and power consumption. That is why many chip manufacturers allow frequency and voltage to be adjusted as and when needed – known as ‘undervolting’ or ‘overvolting’ – through what are known as privileged software interfaces.

Plundervolt attack

In a project called Plundervolt, an international team of researchers examined how these interfaces may be exploited in Intel Core processors to undermine the system’s security.

The researchers were able to corrupt the integrity of critical computations in so-called SGX “enclaves”, which work as a vault for personal data in Intel Core processors (see box below). Intel’s state-of-the-art SGX technology was introduced to shield sensitive computations even in the presence of the most advanced types of malware.

However, the Plundervolt attack now shows that it is possible to introduce persistent errors in enclave computations by carefully adjusting the processor voltage during SGX operation. The researchers exploited these subtle computational errors to reconstruct full cryptographic keys that make it possible to decode application secrets.

Second attack in two years’ time

The SGX enclave technology in Intel processors has come under attack before. In August 2018, KU Leuven researchers were able to hack the system using the Foreshadow attack. In response to this attack, Intel released patches and updates to resolve the flaw in millions of processors.

However, as Plundervolt makes clear, even the results of supposedly secure enclave computations cannot be trusted, as they may have been corrupted by attackers manipulating the processor’s voltage.

Intel has already responded to this new security threat by supplying a microcode update to mitigate Plundervolt. Users can protect their SGX enclaves by downloading this update.
