A vulnerability has reportedly been discovered in Intel’s Software Guard eXtensions (SGX) allowing passwords, encrypted keys, and other sensitive data to be siphoned from a computer’s memory.
On March 10, computer researcher Daniel Gruss uploaded a video to YouTube describing how the proof-of-concept attack, dubbed a “Load Value Injection [LVI],” can be used to steal sensitive data from Intel SGXs — including encrypted keys for cryptocurrency exchanges and wallets.
The attack is significant as SGX processors are designed to provide secure storage sensitive stored within a computer's memory, even when in the presence of a malicious operating system.
LVI discloses cryptocurrency keys from Intel SGX
The LVI works by getting a vulnerable system to run a script that could be hosted on a malicious website or application to launch a side-channel attack targeting the SGX. Once compromised, the attacker can access encrypted keys stored within the SGX. Gruss states:
“In a meltdown-type attack, the attacker deliberately tries to load secret data — causing the processor to cancel and reissue the load. The canceled load keeps on running for a short time — long enough for an attacker to perform operations on the secret data.”
LVI attacks were first discovered by Jo Van Bulk during April 2019. He published an academic paper detailing the attack on March 10, which included contributions from Daniel Gruss and eight other researchers.
Attacks are not expected to target consumer computers
The paper describes LVI attacks as a reverse Meltdown attack, with the researchers noting that while LVI primarily targets Intel CPUs, other chips that are vulnerable to Meltdown are also susceptible to it.
However, the researchers conclude that it is unlikely that LVI attacks will be used to exploit consumer machines, citing the extreme difficulty of carrying out LVI, and the prevalence of easier means with which to compromise consumer-grade computer systems.
The attack must also be carried out at the time that the malicious code is executed, further reducing the likelihood that the LVI exploit will be used to target consumer machines.
Intel publishes list of vulnerable processors
In response to the paper, Intel has published a list compiling all of its processors that are vulnerable to LVI, noting that all Intel chips with hardware fixed for Meltdown are not at risk. Intel stated:
“Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real-world environments where the OS and VMM are trusted.”