Foreshadow: Researchers discover another Intel processor vulnerability

Two international teams of security researchers have independently and concurrently discovered “Foreshadow,” a new variant of the hardware vulnerability known as “Meltdown,” which exploits a bypass of Intel processors’ secure regions to access memory and data.

The Foreshadow vulnerability affects Intel’s Software Guard Extension (SGX) technology, a feature in modern Intel CPUs that protects data within a secure “fortress” even if the entire system falls under an attacker’s control. Foreshadow is similar to Spectre and Meltdown, hardware-based attacks that shook the security world in early 2018 when researchers were able to break several security features present in most Intel-based machines.

As a group effort, researchers from the University of Michigan, the Belgian research group imec-Distrinet, Technion Israel Institute of Technology, the University of Adelaide (Australia), and Data61 (Canberra, Australia) published a report (foreshadowattack.eu/foreshadow-NG.pdf) about the vulnerability, which causes the complete collapse of the SGX ecosystem and compromises users’ data.

“SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication or to prevent content being downloaded from video streaming services,” says Yuval Yarom of Data61 and the University of Adelaide’s School of Computer Science. “Foreshadow compromises the confidentiality of the ‘fortresses,’ where this sensitive information is stored; once a single fortress is breached, the whole system becomes vulnerable.”

Intel was alerted about the vulnerability in mid-2018. The company’s own investigation led it to discover a new variant of Foreshadow, called Foreshadow-NG, which affects nearly all Intel servers used in cloud computing. The NG type targets the Intel-based virtualization environments used by cloud computing giants Amazon and Microsoft to create thousands of virtual PCs on a single large server.

Foreshadow-NG essentially breaks the digital wall that keeps individual cloud customers’ virtual PCs isolated from one another on large servers. This breakdown could enable a malicious virtual machine to read data belonging to other virtual machines running on the same server, according to the researchers. The virtualization code is present in every Intel-based computer manufactured since 2008.

“Foreshadow-NG could break the fundamental security properties that many cloud-based services take for granted,” says Baris Kasikci, a University of Michigan assistant professor of computer science and engineering. Foreshadow-NG is theoretically capable of bypassing the earlier fixes for Meltdown and Spectre vulnerabilities, potentially re-exposing millions of computers across the globe to attacks.

How does the attack work? Both variants of the vulnerability gain access to the victim’s machine via a side-channel attack. These attacks infer information about a system’s inner workings by observing patterns in seemingly innocuous information – such as how long it takes the processor to access a given location in the machine’s memory. The attack then confuses the system’s processor by exploiting a feature called speculative execution, which is used in all modern CPUs: it speeds processing by enabling the processor to essentially guess what it will be asked to do next and plan accordingly.

The attack feeds in false information that leads speculative execution into a series of wrong guesses, and the processor becomes hopelessly lost. This confusion is then exploited to cause the victim’s machine to leak sensitive information. In some cases, the researchers say that it can even alter information on the victim’s machine.

While these vulnerabilities were caught before causing major damage, Ofir Weisse, a University of Michigan graduate student research assistant involved in the work, points out that such gaps expose the fragility of secure enclaves and virtualization technologies. He believes that the key to keeping these technologies secure is to make designs open and accessible to researchers so that they can identify and repair vulnerabilities quickly.

Data61’s Yarom says “Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow. Their discovery of the Foreshadow-NG variant is even more severe, but will require further research to gauge the full impact of the vulnerability.”

Intel has since released software and microcode patches to protect against both varieties of attack. Cloud providers will need to install updates to guard their machines and, on an individual level, the owners of every SGX-capable Intel PC manufactured since 2016 will need an update to protect their SGX enclaves.
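One check an administrator can run after applying those updates is to ask the Linux kernel what it thinks of the host. Linux reports the Foreshadow mitigations under Intel’s name for the flaw, L1 Terminal Fault (L1TF), in the sysfs file `/sys/devices/system/cpu/vulnerabilities/l1tf`, with a status string such as “Not affected”, “Vulnerable” or “Mitigation: …” that also notes whether hyperthreading (SMT) is still exposed for virtualization hosts. The script below is an added example, not code from the article or the researchers; the sysfs path and status vocabulary are the kernel’s, while the sample strings it checks itself against are constructed here and were not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the article): classify the Linux kernel's L1TF
# (Foreshadow) status string from /sys/devices/system/cpu/vulnerabilities/l1tf.
# The sysfs path and the wording "Not affected" / "Vulnerable" / "Mitigation: ..."
# are the kernel's; the SAMPLE_* strings below are constructed for the self-check.

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
# Prints one of: not-affected | mitigated | mitigated-smt-vulnerable | vulnerable | unknown
# "mitigated-smt-vulnerable" is the case a cloud/VM host should care about: the
# kernel mitigation is on, but a hostile guest sharing a core via SMT can still leak.
classify_l1tf() {
    case "$1" in
        "Not affected"*)                  echo not-affected ;;
        Mitigation:*"SMT vulnerable"*)    echo mitigated-smt-vulnerable ;;
        Mitigation:*)                     echo mitigated ;;
        Vulnerable*)                      echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# read_l1tf_status
# Prints the live status string, or "unknown" if this kernel does not expose it.
read_l1tf_status() {
    if [ -r "$L1TF_SYSFS" ]; then
        cat "$L1TF_SYSFS"
    else
        echo unknown
    fi
}

# Constructed sample strings in the kernel's format (not captured from a real host)
SAMPLE_NOT_AFFECTED="Not affected"
SAMPLE_MITIGATED="Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"
SAMPLE_SMT_VULN="Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
SAMPLE_VULNERABLE="Vulnerable"

# Self-check against the constructed samples, then report this host.
main() {
    for s in "$SAMPLE_NOT_AFFECTED" "$SAMPLE_MITIGATED" "$SAMPLE_SMT_VULN" "$SAMPLE_VULNERABLE"; do
        printf '%-75s -> %s\n' "$s" "$(classify_l1tf "$s")"
    done
    live=$(read_l1tf_status)
    printf 'this host: %s -> %s\n' "$live" "$(classify_l1tf "$live")"
}
main
```

On a virtualization host the result to act on is `mitigated-smt-vulnerable`: the page-table mitigation is in place, but guests on sibling hyperthreads can still share the L1 cache, so the operator must decide between disabling SMT and accepting that exposure. A result of `unknown` means the kernel predates the reporting interface and should be treated as unpatched until proven otherwise.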

Researchers are now exploring whether similar flaws exist in other manufacturers’ processors.