Remote hackers can modify CPU voltage to steal secrets from Intel SGX enclaves
An undocumented voltage-scaling interface in Intel CPUs lets attackers lower the core voltage from software and trigger computational faults (wrong results from ordinary multiplications) in a controlled manner. Those faults can be used to defeat the security guarantees of the Intel SGX trusted execution environment, which is meant to protect cryptographic secrets and to isolate sensitive code execution in memory. The attack, published as Plundervolt (CVE-2019-11157), needs no physical access to the machine, but it does require writing a model-specific register, which is only possible with kernel (ring-0) privileges. "Remote" therefore means a software-only attack by someone who already controls the operating system, not an unauthenticated network attack; since a compromised OS is exactly what SGX claims to defend enclaves against, that is enough to break the guarantee. Intel's fix is a microcode and BIOS update that lets the interface be locked, and the locked state is reflected in SGX remote attestation so a relying party can reject enclaves on unpatched machines.
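Why one wrong multiplication inside an enclave is fatal for a signing key: the following is an added example, not code from the article or from the Plundervolt authors. It models RSA-CRT signing with a toy-sized key (the primes, exponent and message are constructed for the demo), injects a single corrupted intermediate in one CRT half the way an undervolting fault would, and shows that the attacker recovers a prime factor with one gcd, either from a correct/faulty signature pair (Bellcore) or from the faulty signature alone (Lenstra). It also shows the standard countermeasure: verify every signature before releasing it.

```python
"""Added example: how a single computational fault during RSA-CRT signing
leaks the private key. Key material below is constructed for the demo."""
from math import gcd

# Constructed toy key (assumption: these small primes stand in for a real
# 2048-bit key; the algebra is identical at any size).
P = 1000003
Q = 1000033
E = 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (Python 3.8+ modular inverse)


def crt_sign(m, fault=False):
    """RSA-CRT signature of integer message m.

    With fault=True the mod-q half is corrupted by one bit, modelling the
    wrong arithmetic result that an undervolting glitch produces inside an
    enclave. The mod-p half stays correct, so s' == s (mod p) but not (mod q).
    """
    dp, dq = D % (P - 1), D % (Q - 1)
    sp = pow(m, dp, P)
    sq = pow(m, dq, Q)
    if fault:
        sq = (sq ^ 1) % Q      # single-bit corruption of one CRT half
    q_inv = pow(Q, -1, P)
    h = (q_inv * (sp - sq)) % P
    return (sq + h * Q) % N    # Garner recombination


def factor_from_pair(s_good, s_bad):
    """Bellcore attack: correct and faulty signature of the same message."""
    return gcd(s_good - s_bad, N)


def factor_from_faulty(m, s_bad):
    """Lenstra attack: only the faulty signature and the message are needed,
    because s_bad**e == m (mod p) still holds while it fails (mod q)."""
    return gcd(pow(s_bad, E, N) - m, N)


def safe_sign(m, fault=False):
    """Countermeasure: never release a signature that does not verify.
    Returns None when a fault is detected instead of leaking the key."""
    s = crt_sign(m, fault=fault)
    return s if pow(s, E, N) == m else None


if __name__ == "__main__":
    m = 123456789                      # constructed message representative
    s = crt_sign(m)
    s_bad = crt_sign(m, fault=True)
    print("verifies:", pow(s, E, N) == m)
    print("recovered p (pair):  ", factor_from_pair(s, s_bad) == P)
    print("recovered p (single):", factor_from_faulty(m, s_bad) == P)
    print("safe_sign under fault:", safe_sign(m, fault=True))
```

The verify-before-release check costs one public-key operation per signature and is what enclave code that cannot rule out hardware faults should do; the same fault model applies to AES key schedules via differential fault analysis, which is why a locked voltage interface, reflected in attestation, is the only complete fix.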
Intel Software Guard Extensions (SGX) is a feature of modern Intel CPUs that lets applications set up so-called enclaves: regions of memory that the CPU keeps encrypted in RAM and that no code outside the enclave, including the operating system, hypervisor and firmware, is allowed to read or modify. Because the threat model explicitly assumes a hostile OS, a fault-injection attack that runs from ring 0 falls squarely inside what SGX is supposed to withstand.