Intel processors are facing another major security threat after researchers uncovered a new attack on the company’s hardware.
Known as SGAxe, the attack targets a supposedly super-secure function within Intel processors in the latest attempt to steal protected user data in a long line of attacks since 2018’s Meltdown and Spectre threats.
Intel says it has already released fixes and patches to cover some of the damage, but some issues still remain a threat, with machines using the company’s 9th generation Coffee Lake Refresh processors particularly at risk.
SGAxe breaches the security guarantees of Intel Software Guard eXtensions (SGX) services, which look to protect the inner workings of a system alongside vital data such as passwords and encryption keys.
Developed by the company, SGX is a security feature built into Intel processors that allows apps to operate and run within blocks of secure memory known as “enclaves” – protected software containers that offer hardware-based memory encryption for high-end protection.
Using SGAxe, an attacker could steal legitmate SGX attestation keys from Intel’s quoting enclave in existing SGX machines, meaning they could then impersonate such systems and gain access to target devices.
The researchers note that there is no evidence the flaw was exploited in the wild, but alerted Intel as soon as it was discovered. However SGAxe does appear to be an evolution of the CacheOut attack revealed in January, with the two exploits able to work in tandem to break into systems.
Intel says it is working on a fix to cover both attacks, with a microcode update coming soon.
“The CacheOut researchers recently informed us of a new paper referred to as SGAxe,” Intel Director of Communications Jerry Bryant said in a statement.
“It is important to note that SGAxe relies on CVE-2020-0549 which has been mitigated in microcode (confirmed by the researchers in their updated CacheOut paper) and distributed out to the ecosystem.”
The company has also published a list of affected processors for users looking to see if their systems are at risk.
Via Ars Technica