'Foreshadow' Intel processor attack bypasses protections for secure data held on chip

Foreshadow attacks a feature on Intel processors called Secure Guard Extensions (SGX), which are meant to help protect a user's data held in the processor, even if the entire computer was controlled by an attacker, reports Wired. In effect, SGX creates a secure section of memory on the chip designed for holding sensitive data, one that cannot be directly read by malicious code.

While SGX was previously thought to be able to fend off speculative execution attacks, such as those stemming from Meltdown and Spectre, the Foreshadow vulnerability uses a similar technique but can gain access to the SGX-protected L1 memory. Foreshadow is even capable of extracting the target's private attestation key, a cryptographic key used for SGX integrity checks.

As SGX's built-in privacy protection makes it difficult to know who signed the enclave, knowing the attestation key can allow for the creation of SGX signatures that could appear to be genuine, but isn't. As the attestation key is compromised, this means multiple machines in the same ecosystem could be compromised at the same time, rather than just one.

Speculative execution attacks rely on a processor's guess of what operation it will be asked to perform, and its preparation. This is done to save resources, but at the same time produces information that could be useful for an attacker to insert their own instructions, and in turn gain control of the system.

Two similar variants have also been discovered, named Foreshadow-NG, which also attacks SMM code, operating systems, hypervisor software, and other microprocessors. According to the researchers, this could impact virtual machines on cloud services, including the use of a malicious guest VM reading the memory of the hypervisor or even memory belonging to another VM.

Researchers from KU Leuven initially discovered the vulnerability, independently from research into Meltdown and Spectre, with the team notifying Intel on January 3, 2018. Other researchers from Technion, the University of Michigan, the University of Adelaide, and CSIRO's Data61 also found the issue separately, alerting Intel to their research on January 23.

The researchers advise the Foreshadow attacks can be performed against all Skylake and Kaby Lake processors, due to the chip families all using SGX. There are few traces in logs following an attack, which can also be launched in "user space," namely that an attacker does not require deep system access to perform it.

While potentially hazardous, the research teams also note that most users are unlikely to be hit by Foreshadow, due to the challenges of performing the attack, and the relatively limited number of desktops running SGX-enabled processors in the first place. Other routes of attack, including distributing malware and phishing attempts, are still more likely to be favored by attackers compared to the new discovery.

Intel has advised it will be providing mitigations to combat Foreshadow, addressing both software and microcode problems. Distribution for what Intel calls the "L1 Terminal Fault" commenced in May, with the chip maker also co-ordinating with major tech firms to distribute relevant patches.

It is highly likely that Apple will be involved in the patching process, if it hasn't already, as it uses Intel processors across its entire Mac and MacBook product lines. Current-generation iMac models use Skylake processors, and while earlier MacBook Pro models used Skylake and Kaby Lake chips, the latest use Coffee Lake.