SgxSpectre attack can expose sensitive data stored in Intel SGX enclaves

by Linas Kiguolis

The newest Spectre attack, dubbed SgxSpectre, can put sensitive data stored in SGX enclaves at risk

SgxSpectre - another Spectre attack that poses a risk to sensitive data

The Spectre and Meltdown CPU flaws[1] disclosed at the beginning of 2018 have posed more of a challenge than Microsoft, Intel, and other tech giants expected. Not only do they affect AMD chips and Intel processors across generations such as Skylake, Kaby Lake, and Coffee Lake; they have also given attackers a pretext for multiple malware distribution campaigns[2] and have been turned into software-based attacks.

At the beginning of March 2018, a group of six researchers from Ohio State University described a new variant of the Spectre attack, dubbed SgxPectre (also written SgxSpectre), which can be used to break into Intel Software Guard Extensions (SGX) enclaves, the protected regions that isolate sensitive code and data from the rest of the system. The data guarded by enclaves is probably the most sensitive on the machine, since not even the operating system is allowed to read enclave-protected memory.

Caroline Trippel and Margaret Martonosi of Princeton University, together with Daniel Lustig of Nvidia, had already explored related speculative-execution attacks in a paper titled "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols."[3] MeltdownPrime and SpectrePrime are among the newest Meltdown and Spectre variants; they leak data through a cache side channel built on cache-coherence invalidations rather than the cache-flushing channel of the original attacks, and they can likewise end with sensitive data exposed.

The original Meltdown and Spectre attacks did not reach sensitive data protected by SGX

Intel's Software Guard Extensions (SGX) is a relatively new feature available in modern Intel processors. It lets software create so-called enclaves: protected memory regions in which code that handles extremely sensitive data and secrets runs isolated from the rest of the system.

Whether the original Spectre and Meltdown attacks could reach into SGX was not clear at first, and the supposed immunity of SGX enclaves raised questions from the very beginning. It turned out that neither attack, as originally published, could break SGX protection. The data inside enclaves is an obvious target, however, and SgxSpectre is the variant that reaches it.

According to the researchers who found SgxSpectre,[4] the attack exploits "the race condition between the injected, speculatively executed memory references, which lead to side-channel observable cache traces, and the latency of the branch resolution." Currently, the vulnerable code patterns have been found in the Intel SGX SDK, Rust-SGX, and Graphene-SGX.
A system is affected when such a code pattern is present in the enclave's software libraries. An attacker after the information kept within an enclave trains the processor's branch predictor from outside the enclave so that the enclave code speculatively runs an attacker-chosen path that touches the secret, and then recovers the secret by timing small variations in processor cache accesses. As the researchers explain,

The branch prediction units used in the enclave mode for predicting branch targets are not thoroughly cleansed upon enclave entrance. Therefore, code outside the targeted enclave (either running in the unprotected memory region or in another enclave) can manipulate the targets of the branch prediction inside the targeted enclave.

Researchers have released a vulnerability scanning tool; Intel is updating the SGX SDK

The whole procedure may seem complicated to people outside the IT world. In a nutshell, by applying the Spectre technique to SGX, the researchers found a way to exploit vulnerable code patterns in enclave code. Because those patterns are present in the runtime libraries shipped with Intel's official SGX SDK, every enclave built with the SDK inherits them, so an attacker can target any system developed with the official SDK without modifying the enclave itself.

Intel and Microsoft reacted to the Meltdown and Spectre disclosures immediately and started releasing patches. Unfortunately, not all of them have worked as intended (some early microcode updates were withdrawn after causing unexpected reboots), so it is essential to follow the news about these vulnerabilities.

Indirect Branch Restricted Speculation (IBRS) is one of the fixes Intel has introduced. It addresses Spectre Variant 2 (branch target injection) through updated microcode. However, microcode alone does not remove the vulnerable code patterns from the SGX SDK.
Intel has scheduled the SgxSpectre patch, an updated SGX SDK, for March 16, 2018. Developers of SGX-based apps will then have to replace the older SDK version with the new one and rebuild their enclaves.

For those who want to check whether their enclave code contains vulnerable patterns, the researchers created a vulnerability scanning tool,[5] which analyzes enclave programs and checks them for the code patterns that SgxPectre exploits. If such patterns are detected, the user is warned and urged to rebuild with the updated toolkit from Intel in place of the outdated software development kit.
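To make the mechanism quoted above and the SDK-side fix concrete, here is an added example in C; it is not code from the SgxPectre paper, from the researchers' scanner, or from the Intel SGX SDK. It models the shape of a vulnerable enclave entry point (a bounds-checked read followed by a memory access that depends on the value read), the same function with the speculation barrier that an SDK-style fix inserts after such checks, and the attacker-side decoding of the resulting cache trace. The enclave layout, the function names (ecall_lookup_vulnerable, ecall_lookup_hardened, decode_byte) and the timing values are constructed for illustration: no real enclave is created, the program runs as an ordinary process, and it does not perform the branch-predictor poisoning itself, which is a microarchitectural step this model cannot reproduce.

```c
/* Added example, not code from the SgxPectre paper or the Intel SGX SDK.
 * Models the vulnerable enclave code pattern, its fenced form, and the
 * attacker's decoding of a cache trace. All data below is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PUB_LEN  16
#define STRIDE   512        /* one probe line per possible byte value */
#define NVALUES  256

/* Trusted (enclave) memory, laid out so that pub[] is followed by secret[]. */
struct enclave_mem {
    uint8_t pub[PUB_LEN + 1];    /* data an ECALL may legitimately return */
    uint8_t secret[17];          /* must never leave the enclave */
};
static struct enclave_mem enclave = {
    .pub    = "public-data-0123",
    .secret = "S3cr3tEnclaveKey",
};

/* Untrusted shared memory the attacker can flush and time: a load from
 * probe[v * STRIDE] leaves a cache trace that reveals v. */
static uint8_t probe[NVALUES * STRIDE];

/* Forces the preceding branch to resolve before later loads are issued,
 * closing the speculative window (lfence on x86, compiler barrier elsewhere). */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Vulnerable shape: architecturally the check holds, but the CPU may run the
 * two loads speculatively before the branch resolves; with idx chosen so that
 * pub + idx aliases secret[], the trace in probe[] encodes a secret byte. */
int ecall_lookup_vulnerable(size_t idx)
{
    if (idx < PUB_LEN) {
        uint8_t v = enclave.pub[idx];       /* speculative secret load */
        return probe[(size_t)v * STRIDE];   /* secret-dependent access */
    }
    return -1;
}

/* Hardened shape: the fence right after the bounds check is where an
 * SDK-style mitigation places it, so the dependent loads cannot race ahead. */
int ecall_lookup_hardened(size_t idx)
{
    if (idx < PUB_LEN) {
        speculation_barrier();
        uint8_t v = enclave.pub[idx];
        return probe[(size_t)v * STRIDE];
    }
    return -1;
}

/* Out-of-bounds index at which the vulnerable gadget would read secret[i]. */
size_t secret_index(size_t i)
{
    return offsetof(struct enclave_mem, secret) - offsetof(struct enclave_mem, pub) + i;
}

/* Attacker side: the probe line that reloads fastest is the one the enclave
 * touched. Two hits mean noise, and the sample is discarded (-1). */
int decode_byte(const uint32_t cycles[NVALUES], uint32_t hit_threshold)
{
    int best = -1;
    for (int v = 0; v < NVALUES; v++) {
        if (cycles[v] < hit_threshold) {
            if (best != -1) return -1;
            best = v;
        }
    }
    return best;
}

/* Constructed trace: every line misses (~300 cycles) except the line the
 * gadget loaded for secret[0], which hits (~60 cycles). */
int demo(void)
{
    uint32_t cycles[NVALUES];
    for (int v = 0; v < NVALUES; v++) cycles[v] = 300;
    cycles[enclave.secret[0]] = 60;
    return decode_byte(cycles, 100);
}

/* Constructed noisy trace with two hot lines: decoder rejects the sample. */
int ambiguous_demo(void)
{
    uint32_t cycles[NVALUES];
    for (int v = 0; v < NVALUES; v++) cycles[v] = 300;
    cycles['S'] = 60;
    cycles['T'] = 70;
    return decode_byte(cycles, 100);
}

int main(void)
{
    printf("in-bounds lookup (vulnerable/hardened): %d/%d\n",
           ecall_lookup_vulnerable(3), ecall_lookup_hardened(3));
    printf("architectural result for secret_index(0): %d\n",
           ecall_lookup_vulnerable(secret_index(0)));
    printf("byte recovered from constructed trace: '%c'\n", demo());
    printf("noisy trace decodes to: %d\n", ambiguous_demo());
    return 0;
}
```

Both entry points return the same architectural results, including -1 for the out-of-bounds index that points at the secret; the difference is only in what the processor may execute speculatively, which is exactly what a timing-based scanner or a fence-placement review has to reason about. Hardening of the enclave's indirect branches, the branch-target side of the attack, is a toolchain-level change and is not shown here.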

