https://www.hackread.com/intel-chip-flaw-foreshadow-attacks-sgx-tech-to-extract-data/
New Intel chip flaw “Foreshadow” attacks SGX technology to extract sensitive data
August 15th, 2018 Waqas Security 0 comments
by Waqas
on August 15th, 2018
TagsCPU, Intel, internet, Malware, security, Spectre, Technology, Vulnerability
Share on FacebookShare on Twitter
Security fraternity is still dealing with the adverse consequences and versatile range of threats caused by the Spectre and Meltdown vulnerabilities. But, to add to their misery, there is another possibly worst hardware flaw detected by security researchers in Intel chips. This flaw, dubbed as Foreshadow, can obtain information even from the most secured components of the CPU. The flaw is identified by security experts from five different, credible institutions.
Foreshadow is quite similar to the Spectre vulnerability; it can be detrimental to the SGX (Software Guard Extensions) elements of the Intel chips. It must be noted that SGX is amongst the most secure elements of Intel chips that lets programs set up enclaves, which are the processor’s protected areas. These areas are responsible for handling sensitive data and are restricted just like the sandbox. This means a code cannot be executed from within them. When malware or virus infects the device, the data present in these enclaves remains protected. Foreshadow can bypass the security of these enclaves.
There are two versions of Foreshadow; one is the original attack [PDF] that can extract data from the enclaves. The other is called Foreshadow NG (Next Generation) [PDF], which can extract information from the L1 cache. It can potentially affect virtual machines, OS kernel memory, hypervisors, and system management mode memory. In fact, it has the capability of threatening the overall infrastructure of the Cloud platform.
According to Yuval Yarom, microarchitecture security researcher, there are some surprising aspects of this discovery such as it can obtain extensive information from SGX. SGX technology, found in Skylake and Kaby Lake processors from Intel, stores critically sensitive data including credit card information or social security number. Speculative Execution is the process that breaks down this information. It is basically a performance-boosting feature that is present in a majority of computer chips. But, if it gets engineered through malware, it is easily possible to extract sensitive data from the securest components of the PC.
SGX technology is installed in Intel chips to prevent speculative execution led attacks. But, researchers claim that by creating a “shadow copy” of any SGX enclave at an unprotected location of the CPU can lead to bypassing the security features. This would allow an attacker to read protected data and all protective measures will become useless.
However, accomplishing this feat isn’t too easy as was the case with other hardware flaws like Spectre and Meltdown. So far, security researchers haven’t identified any attacks that exploit these flaws or even the newly identified Foreshadow. Since it isn’t an easy exploit to carry out, so, hackers would most likely want to stick to other, easy-to-achieve hacking methods like email phishing.
Yet, Foreshadow is a concerning flaw because it can be leveraged to target data centers and compromise the security mechanisms implemented between two or more virtual machines. Cloud service can also be exploited to read memory from different users hosted on a single server.
The good news is that on Tuesday Intel will be releasing new patches to address Foreshadow vulnerability and Microsoft also will be releasing fixes. The new fixes will work with previously released updates for Spectre and Meltdown flaws.
According to Jeff Ready, CEO of Scale Computing “The design flaw in Intel chips have left windows and Linux systems vulnerable. Any device or services connected to the chips is essentially left at risk – especially after the latest flaw that was revealed – Foreshadow. The main focus is working in real time to identify the issues and look at what needs to be patched. Performance impacts will be seen across the industry.”
Systems that utilize software-defined storage via a mid-layer filesystem will likely experience the most impact. Many software-defined storage solutions, which use a mid-layer filesystem will likely have a much larger performance impact as a result of these fixes. After the patches and fixes roll out, we will be able to see the true extent of the impact.”
https://securitybrief.asia/story/flaw-discovered-intel-chips-allows-attackers-steal-cloud-data/
Intel-Core-S-series-Chip.jpg
Tags
Security vulnerabilities, Spectre, Foreshadow, CPU, RedLock, Intel, Meltdown
Flaw discovered in Intel chips, allows attackers to steal cloud data
Lew Kai Ping
Lew Kai Ping
August 16, 2018
Researchers have discovered another security flaw in Intel security chips – the third one this year after Spectre and Meltdown.
The flaw allows an attacker to steal sensitive information stored on personal computers or third-party clouds.
According to their research report, Foreshadow has two versions, the original attack designed to extract data from Intel SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
The flaw was discovered by researchers from the Israel Institute of Technology, University of Michigan, the University of Adelaide, and the Catholic University of Leuven.
The report says that mitigations against Meltdown and Spectre are not effective against Foreshadow and Foreshadow-NG.
On its website, Intel says it has “worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.”
“This includes the release of updated Intel microprocessor microcode to our customers and partners.”
Affected CPUs
Intel confirmed that Foreshadow affects all SGX-enabled Core processors (Skylake and Kaby Lake), while Atom family processors with SGX support remain unaffected. Intel confirmed that Foreshadow-NG affects the following processes:
· Intel Core i3/i5/i7/M processor (45nm and 32nm)
· 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
· Intel Core X-series Processor Family for Intel X99 and X299 platforms
· Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
· Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
· Intel® Xeon Processor E5 v1/v2/v3/v4 Family
· Intel® Xeon Processor E7 v1/v2/v3/v4 Family
· Intel® Xeon Processor Scalable Family
· Intel® Xeon Processor D (1500, 2100)
Cloud threat defence company RedLock’s Cloud Security VP Matthew Chiodi says, “What’s interesting about the Intel disclosure is that researchers simply followed the thread left by Spectre and Meltdown—this isn’t a completely new class of vulnerabilities.
“This means that while Intel is not officially aware of any exploits that take advantage of this today, certainly advanced nation-states have been working on them.
“Interestingly enough, back in June, the OpenBSD project announced plans to disable support for Intel CPU hyper-threading (HT) due to security concerns around more ‘Spectre-class bugs’ - Their announcement has proved prescient.”
Chiodi adds that public cloud titans Google, Microsoft and AWS quickly responded to Foreshadow by updating their respective infrastructure and services.
“Enterprise cloud consumers tangibly benefited as the vast majority of them are not operating multi-tenant workloads on the same VM.
“That doesn’t mean there’s nothing to do on the end-user side, but the cloud providers have already done a lot of the heavy lifting.
He concludes,” The bottom line is that even the best and fastest fixes aren’t effective unless all stakeholders do their part—this is especially relevant in public cloud given the shared responsibility model.
"It only takes one party, one weak link in the chain, for the exposure to remain.”
New Intel chip flaw “Foreshadow” attacks SGX technology to extract sensitive data
August 15th, 2018 Waqas Security 0 comments
by Waqason August 15th, 2018
TagsCPU, Intel, internet, Malware, security, Spectre, Technology, Vulnerability
Share on FacebookShare on Twitter
Security fraternity is still dealing with the adverse consequences and versatile range of threats caused by the Spectre and Meltdown vulnerabilities. But, to add to their misery, there is another possibly worst hardware flaw detected by security researchers in Intel chips. This flaw, dubbed as Foreshadow, can obtain information even from the most secured components of the CPU. The flaw is identified by security experts from five different, credible institutions.
Foreshadow is quite similar to the Spectre vulnerability; it can be detrimental to the SGX (Software Guard Extensions) elements of the Intel chips. It must be noted that SGX is amongst the most secure elements of Intel chips that lets programs set up enclaves, which are the processor’s protected areas. These areas are responsible for handling sensitive data and are restricted just like the sandbox. This means a code cannot be executed from within them. When malware or virus infects the device, the data present in these enclaves remains protected. Foreshadow can bypass the security of these enclaves.
There are two versions of Foreshadow; one is the original attack [PDF] that can extract data from the enclaves. The other is called Foreshadow NG (Next Generation) [PDF], which can extract information from the L1 cache. It can potentially affect virtual machines, OS kernel memory, hypervisors, and system management mode memory. In fact, it has the capability of threatening the overall infrastructure of the Cloud platform.
According to Yuval Yarom, microarchitecture security researcher, there are some surprising aspects of this discovery such as it can obtain extensive information from SGX. SGX technology, found in Skylake and Kaby Lake processors from Intel, stores critically sensitive data including credit card information or social security number. Speculative Execution is the process that breaks down this information. It is basically a performance-boosting feature that is present in a majority of computer chips. But, if it gets engineered through malware, it is easily possible to extract sensitive data from the securest components of the PC.
SGX technology is installed in Intel chips to prevent speculative execution led attacks. But, researchers claim that by creating a “shadow copy” of any SGX enclave at an unprotected location of the CPU can lead to bypassing the security features. This would allow an attacker to read protected data and all protective measures will become useless.
However, accomplishing this feat isn’t too easy as was the case with other hardware flaws like Spectre and Meltdown. So far, security researchers haven’t identified any attacks that exploit these flaws or even the newly identified Foreshadow. Since it isn’t an easy exploit to carry out, so, hackers would most likely want to stick to other, easy-to-achieve hacking methods like email phishing.
Yet, Foreshadow is a concerning flaw because it can be leveraged to target data centers and compromise the security mechanisms implemented between two or more virtual machines. Cloud service can also be exploited to read memory from different users hosted on a single server.
The good news is that on Tuesday Intel will be releasing new patches to address Foreshadow vulnerability and Microsoft also will be releasing fixes. The new fixes will work with previously released updates for Spectre and Meltdown flaws.
According to Jeff Ready, CEO of Scale Computing “The design flaw in Intel chips have left windows and Linux systems vulnerable. Any device or services connected to the chips is essentially left at risk – especially after the latest flaw that was revealed – Foreshadow. The main focus is working in real time to identify the issues and look at what needs to be patched. Performance impacts will be seen across the industry.”
Systems that utilize software-defined storage via a mid-layer filesystem will likely experience the most impact. Many software-defined storage solutions, which use a mid-layer filesystem will likely have a much larger performance impact as a result of these fixes. After the patches and fixes roll out, we will be able to see the true extent of the impact.”
https://securitybrief.asia/story/flaw-discovered-intel-chips-allows-attackers-steal-cloud-data/
Intel-Core-S-series-Chip.jpg
Tags
Security vulnerabilities, Spectre, Foreshadow, CPU, RedLock, Intel, Meltdown
Flaw discovered in Intel chips, allows attackers to steal cloud data
Lew Kai Ping
Lew Kai Ping
August 16, 2018
Researchers have discovered another security flaw in Intel security chips – the third one this year after Spectre and Meltdown.
The flaw allows an attacker to steal sensitive information stored on personal computers or third-party clouds.
According to their research report, Foreshadow has two versions, the original attack designed to extract data from Intel SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
The flaw was discovered by researchers from the Israel Institute of Technology, University of Michigan, the University of Adelaide, and the Catholic University of Leuven.
The report says that mitigations against Meltdown and Spectre are not effective against Foreshadow and Foreshadow-NG.
On its website, Intel says it has “worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.”
“This includes the release of updated Intel microprocessor microcode to our customers and partners.”
Affected CPUs
Intel confirmed that Foreshadow affects all SGX-enabled Core processors (Skylake and Kaby Lake), while Atom family processors with SGX support remain unaffected. Intel confirmed that Foreshadow-NG affects the following processes:
· Intel Core i3/i5/i7/M processor (45nm and 32nm)
· 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
· Intel Core X-series Processor Family for Intel X99 and X299 platforms
· Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
· Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
· Intel® Xeon Processor E5 v1/v2/v3/v4 Family
· Intel® Xeon Processor E7 v1/v2/v3/v4 Family
· Intel® Xeon Processor Scalable Family
· Intel® Xeon Processor D (1500, 2100)
Cloud threat defence company RedLock’s Cloud Security VP Matthew Chiodi says, “What’s interesting about the Intel disclosure is that researchers simply followed the thread left by Spectre and Meltdown—this isn’t a completely new class of vulnerabilities.
“This means that while Intel is not officially aware of any exploits that take advantage of this today, certainly advanced nation-states have been working on them.
“Interestingly enough, back in June, the OpenBSD project announced plans to disable support for Intel CPU hyper-threading (HT) due to security concerns around more ‘Spectre-class bugs’ - Their announcement has proved prescient.”
Chiodi adds that public cloud titans Google, Microsoft and AWS quickly responded to Foreshadow by updating their respective infrastructure and services.
“Enterprise cloud consumers tangibly benefited as the vast majority of them are not operating multi-tenant workloads on the same VM.
“That doesn’t mean there’s nothing to do on the end-user side, but the cloud providers have already done a lot of the heavy lifting.
He concludes,” The bottom line is that even the best and fastest fixes aren’t effective unless all stakeholders do their part—this is especially relevant in public cloud given the shared responsibility model.
"It only takes one party, one weak link in the chain, for the exposure to remain.”
