Intel SGX Exploitable Malfunction Targeting Crypto Key Detected

By Mary T. | March 12, 2020
Paper Crypto Wallet Site Major System Glitch Gave Same Crypto Keys to Users

An exploitable malfunction has reportedly been detected in Intel-developed Software Guard eXtensions (SGX), causing passwords and cryptokeys vulnerable to being drawn off from a computer’s memory. 

Specifically, via his Youtube channel, computer expert Daniel Gruss has provided details to how the proof-of-concept attack – a.k.a a “Load Value Injection [LVI]” – is utilized as a tool to illegally acquire important information from Intel SGXs – including encrypted keys to access crypto exchange platforms and wallets

This discovery is noticeable since SGX processors are particularly created to offer safekeeping for sensitive data, enclosed in a computer’s memory, despite the appearance of a malicious operating system. 

The LVI exploited a vulnerability, firstly by running a script, operable via a hostile web page or application, to initiate a side-channel attack against the SGX. When the compromisation phase is complete, the hacker will be able to get ahold of encrypted keys stored within the SGX. 

“In a meltdown-type attack, the attacker deliberately tries to load secret data — causing the processor to cancel and reissue the load. The canceled load keeps on running for a short time — long enough for an attacker to perform operations on the secret data.” Gruss further claimed. 

“Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted.” Intel has released an announcement regarding the matter.

Tags: , ,