'Foreshadow' Intel processor attack bypasses protections for secure data held on chip

Posted:
in macOS
A new vulnerability called "Foreshadow" affecting Intel processors has been revealed by researchers to bypass the company's built-in security on the chip, an attack which has the potential to acquire sensitive data stored on supposedly secure cordoned-off areas on the processor.




Foreshadow attacks a feature on Intel processors called Secure Guard Extensions (SGX), which are meant to help protect a user's data held in the processor, even if the entire computer was controlled by an attacker, reports Wired. In effect, SGX creates a secure section of memory on the chip designed for holding sensitive data, one that cannot be directly read by malicious code.

While SGX was previously thought to be able to fend off speculative execution attacks, such as those stemming from Meltdown and Spectre, the Foreshadow vulnerability uses a similar technique but can gain access to the SGX-protected L1 memory. Foreshadow is even capable of extracting the target's private attestation key, a cryptographic key used for SGX integrity checks.

As SGX's built-in privacy protection makes it difficult to know who signed the enclave, knowing the attestation key can allow for the creation of SGX signatures that could appear to be genuine, but isn't. As the attestation key is compromised, this means multiple machines in the same ecosystem could be compromised at the same time, rather than just one.





Speculative execution attacks rely on a processor's guess of what operation it will be asked to perform, and its preparation. This is done to save resources, but at the same time produces information that could be useful for an attacker to insert their own instructions, and in turn gain control of the system.

Two similar variants have also been discovered, named Foreshadow-NG, which also attacks SMM code, operating systems, hypervisor software, and other microprocessors. According to the researchers, this could impact virtual machines on cloud services, including the use of a malicious guest VM reading the memory of the hypervisor or even memory belonging to another VM.

Researchers from KU Leuven initially discovered the vulnerability, independently from research into Meltdown and Spectre, with the team notifying Intel on January 3, 2018. Other researchers from Technion, the University of Michigan, the University of Adelaide, and CSIRO's Data61 also found the issue separately, alerting Intel to their research on January 23.

The researchers advise the Foreshadow attacks can be performed against all Skylake and Kaby Lake processors, due to the chip families all using SGX. There are few traces in logs following an attack, which can also be launched in "user space," namely that an attacker does not require deep system access to perform it.

While potentially hazardous, the research teams also note that most users are unlikely to be hit by Foreshadow, due to the challenges of performing the attack, and the relatively limited number of desktops running SGX-enabled processors in the first place. Other routes of attack, including distributing malware and phishing attempts, are still more likely to be favored by attackers compared to the new discovery.

Intel has advised it will be providing mitigations to combat Foreshadow, addressing both software and microcode problems. Distribution for what Intel calls the "L1 Terminal Fault" commenced in May, with the chip maker also co-ordinating with major tech firms to distribute relevant patches.

It is highly likely that Apple will be involved in the patching process, if it hasn't already, as it uses Intel processors across its entire Mac and MacBook product lines. Current-generation iMac models use Skylake processors, and while earlier MacBook Pro models used Skylake and Kaby Lake chips, the latest use Coffee Lake.

Comments

  • Reply 1 of 14
    mcdavemcdave Posts: 1,170member
    Time to move on from Intel.

    A new ARM MacBook makes sense, it doesn’t need the x86-64 performance an MBP does and I’m pretty sure 3rd party software use is fairly minimal on these machines.  Emulating macOS/Windows x86 should be at Intel Y levels by now.  Maybe license AMD64 for the job.

    I just wish they’d hurry up & show some point of difference rather than cost.
    Soliwatto_cobra
  • Reply 2 of 14
    mcdave said:
    Time to move on from Intel.

    A new ARM MacBook makes sense, it doesn’t need the x86-64 performance an MBP does and I’m pretty sure 3rd party software use is fairly minimal on these machines.  Emulating macOS/Windows x86 should be at Intel Y levels by now.  Maybe license AMD64 for the job.

    I just wish they’d hurry up & show some point of difference rather than cost.
    It bums me out when I see brand fans making statements like this. AMD wasn't immune to timing attacks. This whole area of security research at the chip level is novel. It's not like suddenly you move to ARM and then you're perfectly safe from unforeseen flaws in chip designs. You're gonna learn as you go as researchers get more and more clever at finding ways to attack them.
    Rayz2016mazda 3sdewmechasmnumenorean
  • Reply 3 of 14
    GG1GG1 Posts: 269member
    How do these researchers (and hackers) understand enough of the low-level chip details, such as SGX, to attempt these exploits? Are there enough low-level architectural details in the Intel developer specs?

    Then if Apple do not reveal similar specs on their A-series chips, such as Secure Enclave, etc., wouldn't that make the A-series more immune to these attacks by virtue of no documentation?
    watto_cobra
  • Reply 4 of 14
    Rayz2016Rayz2016 Posts: 4,730member
    GG1 said:
    How do these researchers (and hackers) understand enough of the low-level chip details, such as SGX, to attempt these exploits? Are there enough low-level architectural details in the Intel developer specs?

    Then if Apple do not reveal similar specs on their A-series chips, such as Secure Enclave, etc., wouldn't that make the A-series more immune to these attacks by virtue of no documentation?
    No, I don’t think so, but this is just my opinion. 

    I think Linux has benefitted from being open. I think having access to the internals gives people the opportunity to hack away at it and find bugs. 

    Linux is  open, and it seems very secure. 

    IreneWwatto_cobra
  • Reply 5 of 14
    GG1GG1 Posts: 269member
    Rayz2016 said:
    GG1 said:
    How do these researchers (and hackers) understand enough of the low-level chip details, such as SGX, to attempt these exploits? Are there enough low-level architectural details in the Intel developer specs?

    Then if Apple do not reveal similar specs on their A-series chips, such as Secure Enclave, etc., wouldn't that make the A-series more immune to these attacks by virtue of no documentation?
    No, I don’t think so, but this is just my opinion. 

    I think Linux has benefitted from being open. I think having access to the internals gives people the opportunity to hack away at it and find bugs. 

    Linux is  open, and it seems very secure. 

    My very limited understanding is that Meltdown/Spectre are dependent upon the chip hardware architecture (pipelines/memory caches, ...) and not so much due to Windows. You're saying it isn't as cut-and-dried as that? I thought Meltdown/Spectre also affected Linux.
    watto_cobra
  • Reply 6 of 14
    Come on Apple, we NEED some C-Series or whatever letter they want chips in new Macs!!
    watto_cobramcdave
  • Reply 7 of 14
    wizard69wizard69 Posts: 12,860member
    mcdave said:
    Time to move on from Intel.

    A new ARM MacBook makes sense, it doesn’t need the x86-64 performance an MBP does and I’m pretty sure 3rd party software use is fairly minimal on these machines.  Emulating macOS/Windows x86 should be at Intel Y levels by now.  Maybe license AMD64 for the job.

    I just wish they’d hurry up & show some point of difference rather than cost.
    An AMD chip could be a smart move on Apples part.   It is my understanding, at the moment, that AMD's chip doesn't suffer from this fault.   Given that I'd love to see an Apple ARM chip in the Mac Book, even a Mac Mini replacement.    IPad has pretty much proven that the performance is there for the Mac Book and of course new hardware would use a newer chip (possibly A12) which ought to have vastly improved GPU capabilities.   In other words I expect that A12 will be good enough for a Mac Book without Apple having to design a new chip.   If they want ARM in the MBA (whatever repalces them), the Mini or other machines they will likely need an up rated chip.

    As for Intel they have gotten really sloppy in the pursuit of performance.   I've seen lots of excuses in the engineering forums but as far as I'm concerned most of them are  baloney.    The very fact that AMD's chips have avoid some of the more significant bugs pretty much proves a different set of priorities at AMD.
    watto_cobra
  • Reply 8 of 14
    wizard69wizard69 Posts: 12,860member
    mcdave said:
    Time to move on from Intel.

    A new ARM MacBook makes sense, it doesn’t need the x86-64 performance an MBP does and I’m pretty sure 3rd party software use is fairly minimal on these machines.  Emulating macOS/Windows x86 should be at Intel Y levels by now.  Maybe license AMD64 for the job.

    I just wish they’d hurry up & show some point of difference rather than cost.
    It bums me out when I see brand fans making statements like this. AMD wasn't immune to timing attacks. This whole area of security research at the chip level is novel. It's not like suddenly you move to ARM and then you're perfectly safe from unforeseen flaws in chip designs. You're gonna learn as you go as researchers get more and more clever at finding ways to attack them.
    It has nothing to do with being a "fan".   The fact of the matter is that Intel made design decisions that others didn't that compromised their processors significantly.

    Now does AMD, ARM or whomever have issues - they do.   The difference is that the mitigation required to solve the problems on AMD's chips are far fewer and less performance damaging.   In any event comments like this leave me believing the real problem here is Intel fans not willing to hold intel accountable.   We have seen this repeatedly over the decades as various Intel only shortcomings have surfaced and then been plastered over in the hopes that nobody will hold a long term grudge.   Why Intel gets a pass and other don't is beyond me.
    watto_cobra
  • Reply 9 of 14
    wizard69wizard69 Posts: 12,860member
    GG1 said:
    Rayz2016 said:
    GG1 said:
    How do these researchers (and hackers) understand enough of the low-level chip details, such as SGX, to attempt these exploits? Are there enough low-level architectural details in the Intel developer specs?

    Then if Apple do not reveal similar specs on their A-series chips, such as Secure Enclave, etc., wouldn't that make the A-series more immune to these attacks by virtue of no documentation?
    No, I don’t think so, but this is just my opinion. 

    I think Linux has benefitted from being open. I think having access to the internals gives people the opportunity to hack away at it and find bugs. 

    Linux is  open, and it seems very secure. 

    My very limited understanding is that Meltdown/Spectre are dependent upon the chip hardware architecture (pipelines/memory caches, ...) and not so much due to Windows. You're saying it isn't as cut-and-dried as that? I thought Meltdown/Spectre also affected Linux.
    Some of the issues are very hardware related and impact many architectures (ARM, Intel, AMD and even some IBM hardware).   All current operating Systems have had to have mitigation work put in place and that mitigation varies with the hardware and the OS.   Basically the OS's have to be modified with additional code that masks out the issues.    How much of an impact the mitigation has is very work load dependent and thus render hardware barely able to do the job they where intended for.   The other way to look at it is that mitigation can impact some workloads so significantly that you will need to buy new hardware.

    As for Linux being secure I will not go down that rabbit hole.   In the end most attacks do not exploit hardware as much as they do software issues.
  • Reply 10 of 14
    Rayz2016Rayz2016 Posts: 4,730member
    GG1 said:
    Rayz2016 said:
    GG1 said:
    How do these researchers (and hackers) understand enough of the low-level chip details, such as SGX, to attempt these exploits? Are there enough low-level architectural details in the Intel developer specs?

    Then if Apple do not reveal similar specs on their A-series chips, such as Secure Enclave, etc., wouldn't that make the A-series more immune to these attacks by virtue of no documentation?
    No, I don’t think so, but this is just my opinion. 

    I think Linux has benefitted from being open. I think having access to the internals gives people the opportunity to hack away at it and find bugs. 

    Linux is  open, and it seems very secure. 

    My very limited understanding is that Meltdown/Spectre are dependent upon the chip hardware architecture (pipelines/memory caches, ...) and not so much due to Windows. You're saying it isn't as cut-and-dried as that? I thought Meltdown/Spectre also affected Linux.
    Well, no.  I was just making the general comment that hiding technical details doesn’t make things more secure. 
    watto_cobra
  • Reply 11 of 14
    IreneWIreneW Posts: 166member
    GG1 said:
    How do these researchers (and hackers) understand enough of the low-level chip details, such as SGX, to attempt these exploits? Are there enough low-level architectural details in the Intel developer specs?

    Then if Apple do not reveal similar specs on their A-series chips, such as Secure Enclave, etc., wouldn't that make the A-series more immune to these attacks by virtue of no documentation?
    That strategy has been used and is known as "security by obscurity". Most researchers says it doesn't work (see e.g. the Mifare/Oyster Card debacle).
    Rayz2016
  • Reply 12 of 14
    A shitshow without ending
  • Reply 13 of 14
    mcdavemcdave Posts: 1,170member
    mcdave said:
    Time to move on from Intel.

    A new ARM MacBook makes sense, it doesn’t need the x86-64 performance an MBP does and I’m pretty sure 3rd party software use is fairly minimal on these machines.  Emulating macOS/Windows x86 should be at Intel Y levels by now.  Maybe license AMD64 for the job.

    I just wish they’d hurry up & show some point of difference rather than cost.
    It bums me out when I see brand fans making statements like this. AMD wasn't immune to timing attacks. This whole area of security research at the chip level is novel. It's not like suddenly you move to ARM and then you're perfectly safe from unforeseen flaws in chip designs. You're gonna learn as you go as researchers get more and more clever at finding ways to attack them.
    I’d say the “brand fan” is the one clinging to Intel in spite of; more security issues than other architectures, delayed 10nm delivery, failure to deliver product at proposed TDP.  Apple just don’t need it and forcing them to cut to their own micro architecture if not ISA entirely would help them integrate software and silicon which is absolutely where they could nail any competition.
  • Reply 14 of 14
    mcdavemcdave Posts: 1,170member

    wizard69 said:
    mcdave said:
    Time to move on from Intel.

    A new ARM MacBook makes sense, it doesn’t need the x86-64 performance an MBP does and I’m pretty sure 3rd party software use is fairly minimal on these machines.  Emulating macOS/Windows x86 should be at Intel Y levels by now.  Maybe license AMD64 for the job.

    I just wish they’d hurry up & show some point of difference rather than cost.
    An AMD chip could be a smart move on Apples part.   It is my understanding, at the moment, that AMD's chip doesn't suffer from this fault.   Given that I'd love to see an Apple ARM chip in the Mac Book, even a Mac Mini replacement.    IPad has pretty much proven that the performance is there for the Mac Book and of course new hardware would use a newer chip (possibly A12) which ought to have vastly improved GPU capabilities.   In other words I expect that A12 will be good enough for a Mac Book without Apple having to design a new chip.   If they want ARM in the MBA (whatever repalces them), the Mini or other machines they will likely need an up rated chip.

    As for Intel they have gotten really sloppy in the pursuit of performance.   I've seen lots of excuses in the engineering forums but as far as I'm concerned most of them are  baloney.    The very fact that AMD's chips have avoid some of the more significant bugs pretty much proves a different set of priorities at AMD.
    Ah, I didn’t mean an AMD chip but license the AMD64 ISA (assuming Intel won’t let them become an x86 licensee).  That way the processor could run software across both Instruction Sets providing support for legacy Mactel & Wintel software but unleashing new silicon engines via MacOS/ARM.
Sign In or Register to comment.