Researchers of websites security of 3 different european universities revealed a find of a vulnerability that affects the CPU of Intel. This error, identified as Plundervolt, is exploitable abusing from a feature of the SO to gain control of the frquency and the voltages of the target device, which allows the manipulation of Intel SGX data.
The vulnerability has the capacity to adjust the frequency and the voltage of the Intel CPUs to help the hacker to open him a way to the secured data in the Intel extensions Software Guard. The alteration in the frequency allows to modify the performance of SGX to extract information from the user, like coded keys.
And if that was not enough, the exploit of this vulnerability allows the hacker to reintroduce errors to the SO that were repaired earlier. The affected system is included by default in every Intel processor since 2015, so the range of the attck is huge. Intel SGX was developed to operate as a secure region inside the CPU, said the experts in website security.
In the report, the experts confirmed that Plundervolt was born due the analysis of other dangerous errors affecting Intel, like dangerous vulnerability Rowhammer and CLJSCREW, that allows complex malicious activities in the Intel developments.
One of the main conclusions in this investigations is that Plundervolt is a combination of the two errors mentioned earlier. The modifications in the system made by the vulnerability are enough to generate multiple errors in the functions of Intel SGX.
Besides, the experts in website security of the International Institute of Cyber Security(IICS) assure that Plundervolt is capable to modify the designed processes for the protection of the information in Intel SGX. Despite the importance of this error, not everything are bad news, because it seems that thst this vulnerability is only exploitable locally, at least for now.
In theory, the remote exploit of Plundervolt requires a program that executes with administrative privileges, however, even if the theorical requisites are done, the remote exploit of this error is still a complex process.