In recent years, attacks such as Meltdown, Spectre and Foreshadow have shaken the trust in computers by exploiting vulnerabilities in processors, the heart of every computer. These attacks take advantage of design and implementation flaws in hardware optimizations allowing adversaries to steal secret information such as cryptographic keys by means of side channels.
Researchers from the System Security Lab of Prof. Ahmad-Reza Sadeghi have published a novel attack coined V0LTpwn. In contrast to previous attacks, V0LTpwn allows the direct manipulation of computations on the CPU. For instance, the attack can be used to manipulate the results of cryptographic operations.
For the V0LTpwn attack, the TU Darmstadt researchers show that attacker can use malicious software to reduce the processor voltage to a critical threshold at which certain instructions no longer operate correctly and produce bit flips in memory. Not only is this attack limited to data manipulation, but also it can be used to change the control flow of programs if the vulnerable instructions are present in the code.
The attack utilizes software interface provided by intel for expert users, e.g., Gamers, to be able to optimize the processor’s performance . Since accessing this interface requires elevated system privileges the risk for ordinary users is not increased. The researchers emphasize that the attack primarily targets the Intel SGX processors, an advanced security architecture for protecting security sensitive applications introduced in 2015.
In a responsible disclosure process, the results were initially reported confidentially to Intel. Consequently, Intel has provided appropriate security patches for the affected platforms. Since 2012, Intel and TU Darmstadt are cooperating in a collaborative research lab on resilient and secure autonomous systems.