Intel gap discovered
Security researchers have uncovered a flaw in modern Intel CPUs.
International teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year.
The flaw can be exploited to bypass Intel Processors’ secure regions to access memory and data, which are specifically designed to protect users’ data in a secure ‘fortress’ even if the entire system falls under an attacker’s control.
The two teams that independently and concurrently discovered Foreshadow have published a report on a dedicated website about the vulnerability.
The issue relates to Intel’s Software Guard Extension (SGX) technology.
“SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication, or to prevent content being downloaded from video streaming services,” Dr Yuval Yarom from CSIRO’s Data61 and the University of Adelaide’s School of Computer Science said.
“Foreshadow compromises the confidentiality of the ‘fortresses’, where this sensitive information is stored and once a single fortress is breached, the whole system becomes vulnerable.
“The SGX feature is widely used by developers and businesses globally, and this opens them up to a data breach that can potentially affect their customers as well.
“Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow.
“Intel’s discovery of the Foreshadow-NG variant is even more severe but will require further research to gauge the full impact of the vulnerability.”