Researchers from the University of Birmingham in the UK, Graz University of Technology in Austria and KU Leuven in Belgium have developed a new attack tool that is capable of corrupting the integrity of Intel Software Guard Extensions (SGX) in Intel Core processors by controlling the voltage when executing enclave computations. Plundervolt works by created a low voltage in the CPU to create a fault. These faults, when predicted, can be manipulated to allow an attacker with root-level privileges in the infected system to leak secrets, including encryption keys.
Intel has released a microcode update that patches the issue. This is an example of ethical hacking and responsible disclosure to a vendor. Since this technique is believed to only be exploitable by an attacker who already has root-level access to a system, the best approach is to apply the patch and put detections in place to prevent attackers from getting root access to begin with. Organizations can greatly benefit from using penetration testing services, such as TrustedSec, that are capable of attacking a company’s systems in an effort to find exploitable flaws in a system to suggest fixes to patch those flaws. Also utilizing a managed Endpoint Detection and Response (EDR) system, such as the Binary Defense Security Operations Center, can monitor, detect and defend from attacks such as these by detecting attacker behaviors that appear after the attacker has exploited the system to elevate privileges. Even if the exploitation of a new vulnerability is not detected by traditional security tools, the actions that the attacker takes after gaining access can be detected through advanced techniques, including adversary deception and active defense measures included in advanced EDR software.
Source Article: https://plundervolt.com/, https://cyware.com/news/intel-cpu-flaw-lets-attackers-manipulate-voltage-and-leak-secrets-6a839991