New Intel CPU Vulnerability Code-Named "Plundervolt"

plat

A group of cybersecurity researchers have discovered a new security vulnerability affecting Intel processors, which they've craftily named "Plundervolt," a portmanteau of the words "plunder" and "undervolt." Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so it could secretly develop a mitigation. With the 6-month NDA lapsing, the researchers released their findings to the public. Plundervolt is described by researchers as a way to compromise SGX (software guard extensions) protected memory by undervolting the processor when executing protected computations, to a level where SGX memory-encryption no longer protects data. The researchers have also published proof-of-concept code.


Personal note: Comments follow this article. 🤑
 

blackice

So many of these vulnerabilities require physical access. I’m unclear if this one does. But my desktop never leaves the house and my wife’s laptop rarely does. If someone has physical access to our devices we have bigger problems than CPU vulnerabilities.
 

MacDefender

It's a combination of physical access, elevated privileges (which unfortunately some motherboard and graphics overclocking utilities happily give everyone), and running untrusted code on device.

If you are careful I don't think you should be concerned about these kinds of threats.


Remember that the design of SGX and "secure enclaves" in general is that you can get full kernel compromise and still not be able to access the guarded secrets like your raw keys. It is a defense in depth mechanism.
 

blackice

And this is why the panic that ensues with CPU vulnerabilities is generally overblown. Though Intel has had some uglier ones lately.
 

MacDefender

Yep. It's important to keep pushing CPU designers to care about security and make the next chips more secure, but it's no reason to throw out existing chips. Even the "end of the world" speculative attacks disclosed last year have limited impact. You are kind of boned if you run a virtual hosting company because you've lost maybe 10-15% performance and hence need to spend more money on hardware. But the attack for home users was primarily through JavaScript and browsers quickly mitigated the attacks in their JITs with little user impact.
I bet 75% of the readers here don't have a new enough CPU to even have SGX.
 

blackice

Totally agree we should be pressing chip manufacturers to consider security more seriously. And I should have qualified for home users, because you are right, a lot of server operators have much different concerns and threat models.
 
