Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened
Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened
Researchers have published a paper identifying a "Load Value Injection" proof-of-concept attack that targets Intel SGX processors.
3020 Total views
88 Total shares
A vulnerability has reportedly been discovered in Intel'south Software Baby-sit eXtensions (SGX) allowing passwords, encrypted keys, and other sensitive data to exist siphoned from a computer'southward memory.
On March 10, computer researcher Daniel Gruss uploaded a video to YouTube describing how the proof-of-concept attack, dubbed a "Load Value Injection [LVI]," can be used to steal sensitive information from Intel SGXs — including encrypted keys for cryptocurrency exchanges and wallets.
The attack is significant equally SGX processors are designed to provide secure storage sensitive stored within a computer's memory, even when in the presence of a malicious operating system.
LVI discloses cryptocurrency keys from Intel SGX
The LVI works by getting a vulnerable system to run a script that could be hosted on a malicious website or application to launch a side-channel attack targeting the SGX. Once compromised, the assailant tin access encrypted keys stored within the SGX. Gruss states:
"In a meltdown-blazon attack, the attacker deliberately tries to load surreptitious information — causing the processor to abolish and reissue the load. The canceled load keeps on running for a short fourth dimension — long enough for an attacker to perform operations on the clandestine information."
LVI attacks were start discovered by Jo Van Bulk during April 2022. He published an academic paper detailing the attack on March 10, which included contributions from Daniel Gruss and eight other researchers.
Attacks are not expected to target consumer computers
The paper describes LVI attacks equally a reverse Meltdown attack, with the researchers noting that while LVI primarily targets Intel CPUs, other chips that are vulnerable to Meltdown are too susceptible to information technology.
Nevertheless, the researchers conclude that it is unlikely that LVI attacks will be used to exploit consumer machines, citing the extreme difficulty of carrying out LVI, and the prevalence of easier ways with which to compromise consumer-course computer systems.
The attack must besides be carried out at the time that the malicious code is executed, further reducing the likelihood that the LVI exploit will be used to target consumer machines.
Intel publishes list of vulnerable processors
In response to the paper, Intel has published a list compiling all of its processors that are vulnerable to LVI, noting that all Intel fries with hardware fixed for Meltdown are not at risk. Intel stated:
"Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous circuitous requirements that must be satisfied to successfully deport out, Intel does non believe LVI is a practical method in real-world environments where the Os and VMM are trusted."
Source: https://cointelegraph.com/news/intel-sgx-vulnerability-discovered-cryptocurrency-keys-threatened
Posted by: cooklantoo.blogspot.com
0 Response to "Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened"
Post a Comment