Hackers can now allegedly, exploit Intel chips via voltage alterations which could lead to a messed up flow of electricity only to weaken the security mechanisms of the chips.
Two research teams from Europe and America had realized that this disruption in the voltage could cause sensitive information stored on the Intel chips to leak using the “Secure Guard Extensions” feature.
The researchers were asked to keep these facts concealed for the last half-year. Intel then sent out updates of its firmware to thwart any possibilities of attack.
“Plundervolt”, per source is the technique named by the researchers which comprises of planting malicious software on the target device to temporarily reduce the voltage of its electrical flow to the Intel chip.
The drop in voltage referred to as “undervolting” generally lets genuine users to conserve power when not needed and to vary the voltage to “overclock” the processor for more strenuous tasks.
But reportedly, by transitorily “undervolting” a processor and timing it accordingly could easily aid a hacker to make the chip dance to their tunes and falter, in turn revealing sensitive data stored within the “SGX enclave”.
Per the researchers, the CPU voltage when reduced could cause a “computation” error in the Intel chips. A “bit-flip” or a “fault injection” in the chips can change a “zero” to “one” on the SGX enclave.
In these potentially exploitable chips, if cryptographic computations are done, the “secret key” could be easily discover-able. The entire chip’s security would become times weaker, leading the data to decipher easily.
The attack in question is undoubtedly not easy to execute. It requires the target computer to already have the malware installed on it by the attacker. The SGS feature of Intel which was vastly advertised as corruption and threat proof in terms of sensitive data. This attack happens to present a startling position of compromise.
ARM Chips other than Intel’s were also experimented upon by artificially fluctuating their voltage much like “Plundervolt” to destabilize the security of the processors.
Intel chips haven’t always had a good record in ensuring security if the processors. Per reports, previous attacks “Spectre” and “Foreshadow” also abused the “speculative execution feature” of the chips way before the patched were released.
“Return-oriented programming” is another technique that could be used to exploit the chips which could make an “already planted” malware invisible to the anti-virus software.
Intel though, did send out an update for its Chips’ firmware which helps the user to freeze the voltage settings to cancel out any further possibilities of the above-mentioned attack.
Although, the way of counteracting the issue of “over-clocking” and the details as to the elaborate details of the update haven’t been sent out by Intel, yet. All that could be said is that keep the processors well updates and all patched up.