Software engineers from CSIRO’s Data61 have identified a new variant of the hardware vulnerability ‘Meltdown’ that can be exploited to bypass protections in Intel processors and access memory and data.
Known as Foreshadow, the new variant affects Intel’s Software Guard Extensions (SGX) technology, which is a new feature in modern Intel CPUs. It is set up to allow the computer to protect the user’s data in a secure ‘fortress’ even if the entire system is compromised, according to Dr Yuval Yarom of Data61 and the University of Adelaide’s School of Computer Science.
"SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication or to prevent content being downloaded from video streaming services," he said.
However, the vulnerability causes the complete collapse of the SGX ecosystem.
"Foreshadow compromises the confidentiality of the 'fortresses', where this sensitive information is stored, and once a single fortress is breached, the whole system becomes vulnerable," Dr Yarom warned.
The engineers’ discovery was made earlier this year and reported to Intel, but the company has now found a new variant of Foreshadow, named Foreshadow-NG, which affects almost all Intel servers used in cloud computing.
Therefore, Foreshadow-NG is theoretically capable of bypassing the earlier fixes introduced to mitigate Meltdown and Spectre, potentially re-exposing millions of computers globally to attacks, according to Dr Yarom.
"Intel's discovery of the Foreshadow-NG variant is even more severe but will require further research to gauge the full impact of the vulnerability," he said.
Dr Yarom said the SGX feature is widely used by developers and businesses globally, opening them up to a data breach that could potentially affect their customers as well.
"Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow," he warned.
Intel has since released patches, updates and guidelines to resolve both Foreshadow and Foreshadow-NG.
Data61 CEO, Adrian Turner, said, "experts like Dr Yarom play a vital role in finding vulnerabilities, responsibly disclosing them and developing trustworthy systems to keep critical infrastructure secure."
He revealed Data61 has joined the RISC-V Foundation's security task group which aims to prevent the likes of Meltdown and Spectre from occurring again.
Adrian Turner, CEO of CSIRO's Data61, said this is a significant discovery that shows the far-reaching impact of Meltdown and Spectre and reinforces the role of research for discovering and preventing flaws.