#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Intel SGX | Breaking Cybersecurity News | The Hacker News

Category — Intel SGX
Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

Oct 20, 2021
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability ( CVE-2021-0186 , CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called " SmashEx " that can corrupt private data housed in the enclave and break its integrity. Introduced with Intel's Skylake processors, SGX (short for Software Guard eXtensions) allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment (TEE), which is designed to be protected from processes running at higher privilege levels like the operating system. SGX ensures that data is secure ...
New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

Dec 11, 2019
A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits. Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells. However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory. Plundervo...
Researchers Implant "Protected" Malware On Intel SGX Enclaves

Researchers Implant "Protected" Malware On Intel SGX Enclaves

Feb 13, 2019
Cybersecurity researchers have discovered a way to hide malicious code in Intel SGX enclaves, a hardware-based memory encryption feature in modern processors that isolates sensitive code and data to protect it from disclosure or modification. In other words, the technique allows attackers to implant malware code in a secure memory that uses protection features of SGX which are otherwise designed to protect important data from prying eyes or from being tampered, even on a compromised system. Introduced with Intel's Skylake processors, SGX (Software Guard Extensions) allows developers to run selected application modules in a completely isolated secure region of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels like the operating system, kernel, BIOS, SMM, hypervisor, etc. However, a team of researchers, some of whom were behind the discovery of the Spectre-Meltdown CPU flaws , managed to bypass this protection and g...
cyber security

New Webinar: Defend Against Scattered Spider's Latest TTPs for 2025

websitePush SecurityThreat Intelligence / Cyber Attack
Learn about Scattered Spider's latest identity attack techniques and how to defend your organization.
cyber security

Get Proactive About Protecting Your Digital Identity 

websiteVeeam SoftwareData Security / Microsoft Entra ID
Security threats are just one reason you need to protect Microsoft Entra ID data. Learn all 6 reasons today.
Expert Insights Articles Videos
Cybersecurity Resources