Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds.

Author: Shazin Sadakath


Earlier this year we talked about Spectre and Meltdown vulnerabilities in Intel Processor Chips which used Speculative execution attack to read sensitive information. Following this trend the latest vulnerability to come up is Foreshadow

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate private regions of memory. These private regions of memory, or enclaves, were designed for VMs and DRM.

How Foreshadow attack works

The Foreshadow attack utilizes speculative execution, a feature of modern CPUs most recently in the news thanks to the Meltdown and Spectre vulnerabilities. The Foreshadow attack reads the contents of memory protected by SGX, allowing an attacker to copy and read back private keys and other personal information. There is a second Foreshadow attack, called Foreshadow-NG, that is capable of reading anything inside a CPU’s L1 cache (effectively anything in memory with a little bit of work), and might also be used to read information stored in other virtual machines running on a third-party cloud. In the worst case scenario, running your own code on an AWS or Azure box could expose data that isn’t yours on the same AWS or Azure box. Additionally, countermeasures to Meltdown and Spectre attacks might be insufficient to protect from Foreshadown-NG.

Demonstration

Mitigation

Intel has released an advisory which can be referred to identify affected CPUs and take action.

 



Tags: Foreshadow Intel Vulnerability
Views: 134
Register for more exciting articles

Comments

Please login or register to post a comment.


There are currently no comments.