2 min Security

SGX, Intel’s seemingly secure data fortress, has been breached

SGX, Intel’s seemingly secure data fortress, has been breached

The ÆPIC leak CPU bug spills users’ sensitive and confidential data in seconds from Intel SGX enclaves.

Intel’s latest CPUs contain a major vulnerability that enables attackers to achieve encryption keys as well as other private data protected by its SGX. This cutting-edge feature works as a vault for securing users’ sensitive secrets.

SGX (Software Guard Extensions) is specifically designed to offer a fortress to secure sensitive data, including encryption keys, even when operating systems or virtual machines are maliciously compromised. This feature works by developing reliable execution environments, protecting sensitive code along with data from tampering with other items on a system.

Enters ÆPIC leak

The latest research found a new hole that breaks Intel SGX guarantees completely in many tenth, eleventh, and twelfth generation CPUs. The vulnerability dwells in ÆPIC – an acronym for ‘Advanced Programmable Interrupt Controller’. It’s a mechanism developed into several latest CPUs that routes and manages signals produced by software or hardware, causing CPUs to stop current tasks so they can process top-priority events.

“ÆPIC Leak enables attacks against SGX enclaves on Ice Lake CPUs, forcing specific data into caches and leaking targeted secrets,” the researchers wrote. “We show attacks that allow leaking data held in memory and registers. We demonstrate how ÆPIC Leak completely breaks the guarantees provided by SGX, deterministically leaking AES secret keys, RSA private keys, and extracting the SGX sealing key for remote attestation.”

Rifts in the foundational security

SGX is the foundation of security assurances most companies give to users. For instance, servers utilized to manage the discovery of contacts for Signal Messenger relied heavily on Intel SGX to make sure the process remains anonymous.

Signal Messenger says operating its cutting-edge hashing scheme offers a “general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus.”

The key to SGX’s authenticity and security assurances is its development of ‘blocks’ or ‘enclaves’ of secure and safe memory. Enclave contents (or block contents) are fortified with encryption and penned in RAM.

They’re decrypted only when they return. And SGX’s primary responsibility is to protect enclave memory as well as prevent access to contents by items other than reliable CPU parts.