Researchers hide malware in Intel SGX enclaves

February 12, 2019
in Internet Security

A team of academics has found a way to abuse Intel SGX enclaves to hide malicious code from security software and to allow the creation of what researchers are calling “super-malware.”

Intel Software Guard eXtensions (SGX) is a feature found in all modern Intel CPUs that allows developers to isolate applications in secure “enclaves.”

The enclaves work in a hardware-isolated section of the CPU’s processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more.

Until today, the only known vulnerabilities impacting SGX enclaves had been side-channel attacks that leaked the data being processed inside an enclave, revealing an app’s secrets.

But in a research paper published today, security researchers showed that SGX enclaves could be used as a place to hide undetectable malware.

This never-before-seen concept relies on attackers being able to install or trick a user into installing an app that sets up a malicious enclave.

Creating and loading a malicious enclave isn’t as easy as it sounds because Intel’s SGX technology only accepts and launches enclaves that have been signed with a signature key found on an internal whitelist of approved keys. These keys are usually handed out to approved developers.

But the research team says there are at least four methods by which a threat actor could obtain a signing key and sign a malicious enclave.

“In fact, we have a report from a student who independently of us found that it is easy to go through Intel’s process to obtain such signing keys,” researchers said. [We will not list all four methods, but they can be found on page two of the researchers’ paper.]

However, even if attackers manage to sign, implant, and run a malicious enclave, that still doesn’t mean the system has been infected: SGX enclaves do not have access to the full range of operations available to the local OS and are restricted to a limited set of commands.

But in their research paper, the academics worked around this limitation with an exploitation technique known as return-oriented programming (ROP), piggy-backing on Intel Transactional Synchronization eXtensions (TSX) to give the malicious enclave access to a wider set of commands than it is normally entitled to.

“Our SGX-ROP attack uses a new TSX-based memory-disclosure primitive and a write-anything-anywhere primitive to construct a code-reuse attack from within an enclave which is then inadvertently executed by the host application,” said the research team.

“With SGX-ROP, we bypass ASLR, stack canaries, and address sanitizer,” they added. “We demonstrate that instead of protecting users from harm, SGX currently poses a security threat, facilitating so-called super-malware with ready-to-hit exploits.”

The research team has published proof-of-concept code showing that attacks using enclave malware are now possible at a practical level.

Since SGX enclaves are designed to run separately from, and out of reach of, the main operating system, a malicious enclave is in theory impossible for security products to detect, making it the equivalent of a rootkit on steroids.

“Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel® SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source,” an Intel spokesperson told us via email. “In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure.”

More details are available in the research paper titled “Practical Enclave Malware with Intel SGX,” available as a PDF download from here.

This research is also not the first of its kind. A week before the publication of this paper, Intel security researcher Marion Marschalek also showed how malicious code could abuse SGX enclaves to infect systems.

Article updated with Intel statement and video of second research on SGX enclave malware.