Sunday, May 9, 2021
Home Lead Story Computer Scientists Find New Vulnerability in Intel Processors

Computer Scientists Find New Vulnerability in Intel Processors

In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities

Computer scientists at Belgium’s leading higher education and research university KU Leuven have once again exposed a security flaw in Intel processors that could allow an attacker to acquire sensitive information, such as the victim’s fingerprints or passwords.

In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities that computer scientists at KU Leuven have helped expose.

“All measures that Intel has taken so far to boost the security of its processors have been necessary, but they were not enough to ward off our new attack,” said Jo Van Bulck from the Department of Computer Science at KU Leuven. Like the previous attacks, the new technique – dubbed Load Value Injection – targets the ‘vault’ of computer systems with Intel processors: SGX enclaves.

“To a certain extent, this attack picks up where our Foreshadow attack of 2018 left off. A particularly dangerous version of this attack exploited the vulnerability of SGX enclaves, so that the victim’s passwords, medical information, or other sensitive information was leaked to the attacker,” Jo Van Bulck said in a statement released by KU Leuven on Tuesday.

“Load Value Injection uses that same vulnerability, but in the opposite direction: The attacker’s data are smuggled – ‘injected’ – into a software programme that the victim is running on their computer. Once that is done, the attacker can take over the entire programme and acquire sensitive information, such as the victim’s fingerprints or passwords.”

The vulnerability was already discovered on April 4, 2019. Nevertheless, the researchers and Intel agreed to keep it a secret for almost a year. Responsible disclosure embargoes are not unusual when it comes to cybersecurity, although they usually lift after a shorter period of time.

“We wanted to give Intel enough time to fix the problem. In certain scenarios, the vulnerability we exposed is very dangerous and extremely difficult to deal with because, this time, the problem did not just pertain to the hardware: The solution also had to take software into account,” Van Bulck said.

Intel
Computer scientists at Belgium’s leading higher education and research university KU Leuven have once again exposed a security flaw in Intel processors that could allow an attacker to acquire sensitive information, such as the victim’s fingerprints or passwords. Wikimedia Commons

“Therefore, hardware updates like the ones issued to resolve the previous flaws were no longer enough. This is why we agreed upon an exceptionally long embargo period with the manufacturer,” Van Bulck added. The researcher said that Intel ended up taking extensive measures that force the developers of SGX enclave software to update their applications.

“However, Intel has notified them in time. End-users of the software have nothing to worry about: They only need to install the recommended updates,” Van Bulck said. “Our findings show, however, that the measures taken by Intel make SGX enclave software up to 2 to even 19 times slower,” he added.

ALSO READ: Google Plans To Establish “Coronavirus Fund” To Support Temporary Staff and Vendors Globally

In 2018, when researchers at KU Leuven discovered a vulnerabiliy, their attack was dubbed Foreshadow. In 2019, an attack, dubbed “Plundervolt”, revealed another vulnerability. Intel has released updates to resolves both flaws. (IANS)

STAY CONNECTED

19,511FansLike
362FollowersFollow
1,773FollowersFollow

Most Popular

Scientific Significance Of Coconut Breaking Ritual

BY- JAYA CHOUDHARY Breaking a coconut for Gods and Goddesses is a popular ritual in India, and it has a significant religious significance in Hinduism....

AI Based Tech To Detect Sarcasm On Social Media Platforms

Computer science researchers including one of Indian-origin at the University of Central Florida have developed an artificial intelligence (AI)-based sarcasm detector for posts on...

Victimization Of Social Activists & Dissidents In Pak-Occupied J&K

At a hurriedly called press conference in Nakyal on May 6 in Pakistani Occupied Jammu Kashmir (PoJK), Awami Workers Party leader Nissar Shah advocate...

WhatsApp: Lose Functions Or Accept The Privacy Policy

Facing criticism over its upcoming privacy policy, WhatsApp has said that its users will not immediately lose their accounts or face curtailed functionalities on...

The Fascinating Journey Of Polo Player, DJ and designer Rina Shah

Having become one of the few professional female Polo players in India, that too in her late thirties, along with being an entrepreneur, shoe...

Ashtottaram 50) OṀ HINDUBHŨMYAI NAMAH

By Devakinandan  Ashtottaram 50) OṀ HINDUBHŨMYAI NAMAH: Ashtottaram 50: OṀ (AUM)-HIN-ḊU-BHOO-MYAI—NA-MA-HA   ॐ हिन्दुभूम्यै नमः                                  (Hindu: One who rejects untruth) Hinduism is a major religious and cultural...

‘Books From India Are My Gift To The World’, Says Ray McLennan

In 1998, Ray McLennan, who till then had been importing into the UK "all sorts of things" from India like musical instruments, saris, tilak,...

This Mothers’ Day Spoil Your Mom With An Unforgettable Meal

There may not be a heart as pure and loving as our mom's. Our mother is our 'Superhero'; she is a great multi-tasker, and...

Recent Comments