DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
DarkVision Hardware - Daily tech news
October 20, 2019 
Intel Software Guard Extensions (SGX) can be abused to hide malware

Posted on Tuesday, February 12 2019 @ 10:04:43 CET by

Intel designed its Software Guard Extensions (SGX) to increase the security of application code and data, but security researchers have now discovered a vulnerability in SGX that can be used to hide malware. Instead of protecting users, this exploit turns SGX into a security threat. Details of how the attack works can be found at The Register.
In a paper scheduled for publication on Tuesday, "Practical Enclave Malware with Intel SGX," brainiacs at the Graz University of Technology in Austria describe a technique for bypassing various security technologies like ASLR, and executing arbitrary code that can steal information or conduct denial-of-service attacks, via SGX and ROP.

Enclaves have to talk to the outside world via their assigned host application, yet the team's SGX-ROP approach allows the enclave to meddle with the underlying system as a normal process. In effect, malware in the enclave is hidden from view, but it can potentially do what it likes to the environment around it. This also means the enclave can keep its vulnerability exploits and parts of its malicious behavior out of view and secret.
Intel is aware of the attack and issued the following statement to The Register. Basically, the chip giant recommends not executing untrusted code.
Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure.



All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba