SGAxe Attacks Chopping off Data From Intel SGX Enclaves

A new attack has been found to breach the security guarantees of Intel Software Guard eXtensions (SGX) enclaves.

The situation

  • SGX is a security feature of modern Intel processors that allows apps to run and store their sensitive data within secure software containers, known as enclaves. These enclaves provide hardware-based memory encryption - isolating the app code and data in memory.
  • This attack is dubbed SGAxe that has been tailor-made for Intel processors. SGAxe is a successor of the CacheOut attack, which was discovered in January this year.

Past attacks on Intel SGX

Intel’s digital vault seems to attract constant attention by threat actors. Speculative executions seem to be the gift that keeps on giving.
  • CrossTalk is another new security bug that enables attacker-controlled code execution on one CPU core to leak sensitive data from other software running on a different core.
  • In 2019, a team of researchers devised Load Value Injection (LVI) based on Meltdown, Spectre, and Microarchitectural Data Sampling (MDS). however, LVI is capable of bypassing the mitigations in place for these flaws and gain access to any memory.
  • In 2018, a bunch of researchers broke into Intel after building on Meltdown and Spectre.

Worth noting

  • Most Intel processors are vulnerable to attacks. The SGAxe attack can be used against machines using Intel’s 9th generation Coffee Lake Refresh processors, fully updated with all the SGX countermeasures Intel published so far.
  • With SGAxe, an attacker can target a vast range of SGX-protected data; for instance: wallet information for financial transactions.
  • The attack is also capable of stealing cryptographic keys that are used by SGX for attestation.

The bottom line

All these attacks point to the fact that Intel is not going to be able to abate these exploits any time soon. With the large number of vulnerabilities being reported in Intel CPUs, it is imperative that the chipmaker devises a secure development lifecycle.