Foreshadow - the fifth most serious security hole in the CPU in 2018

The story with Specter and Meltdown is still unresolved, security security researchers now face a new hardware vulnerability that will likely have a serious impact.Named Foreshadow, this vulnerability is similar to Specter but affects one of Intel's security elements (Software Guard Extensions (or SGX).

SGX allows software to set up a safe area in the processor to work with sensitive data.These areas are limited, just like a sandbox does not allow execution of the code in it so even if there is a virus or malware invading, the data is still safe.

But researchers from five research institutes around the world have discovered that although SGX can be safe from Specter and Meltdown, it may have to give in to Foreshadow.

Foreshadow has two versions: the initial attack is to retrieve data from the safe area of ​​SGX and the second is Foreshadow NG (Next Generation) to retrieve information in the L1 cache.NG affects both virtual machines, OS kernel memory, system management memory, potentially threatening the entire cloud platform architecture.

The researchers tried to perform memory access attacks protected by SGX on L1 and found that it also obtained an 'authentication key' for SGX to perform integrity checks.'An important concept of SGX is the content protected by the lock that Intel holds as a 3rd party', Wired wrote, 'The external system can check validity by viewing this signature'.

Intel has a lot of work to do with its chips

When an authentication key is obtained, an attacker can create SGX signatures that look real.This also reduces the protection of 'group signatures', which ensures the anonymity of important data storage areas.Group signatures separate this area from the signature only, making it difficult to penetrate the region or create fake signatures.'The core that makes SGX reliable is that this lock never leaves SGX'.

Intel evaluates Foreshadow as 'very serious' and confirms it affects all processors with SGX, while Atom CPUs do not.The list below is for Intel itself.

1. Intel Core i3 / i5 / i7 / M processor (45nm and 32nm)
2. 2nd generation / 4th / 4th / 5th / 6th / 7th / 8th generation Intel Core processors
3. Intel Core X-series processors for Intel Intel X99 and X299
4. Intel Xeon processor line 3400/3600/5500/5600/6500/7500 series
5. Intel Xeon processor line E3 v1 / v2 / v3 / v4 / v5 / v6
6. Intel Xeon processor line PE5 v1 / v2 / v3 / v4
7. Intel Xeon processor line E7 v1 / v2 / v3 / v4
8. Intel Xeon Processor Scalable Processor line
9. Intel Xeon D processor line (1500, 2100)

To ensure system safety before Foreshadow will need to fix both software (OS, VM, VMM .) and microcode (hardware firmware, BIOS).

How to protect your computer against a Foreshadow security vulnerability

Intel said it has released a microcode update for its partners since May 6 and is in the process of rolling out remedies for affected processors.They hope there will be no significant impact on CPU speed.System and software manufacturers will release these microcode via BIOS update.It is also necessary to patch both OS and VMM.

See more:

1. Intel's chip has eight new serious vulnerabilities
2. Intel faces a new vulnerability called BranchScope