Intel addressed a report from security researchers that its SGX security platform can be breached.
The chipmaker issued an advisory to address the claims from Positive Technologies that its team was able to extract both the Root Provisioning Key and Root Sealing Key from Intel processors via hardware access.
SGX (Software Guard Extensions) is the hardware feature behind Intel's enclave system, which isolates selected application code and data from everything else on the machine, including the operating system and hypervisor. The Root Provisioning Key and Root Sealing Key are per-chip secrets fused into the processor, and the keys SGX uses to seal enclave data and to prove an enclave's identity to remote parties are derived from them. An attacker holding those root keys could recover data enclaves on that system have sealed and undermine the attestation other parties rely on to trust those enclaves, defeating the guarantees SGX is meant to provide.
Intel, however, sought to tamp down any panic from the reports, claiming that the described attack is nowhere near as menacing as it seems.
“The external parties mentioned are running tests on systems they have physical access to, which are not up to date with the latest mitigations and are not properly configured with Intel recommended Flash Descriptor write protection (which occurs as part of end of manufacturing by system manufacturers),” the advisory read.
“Researchers are using previously mitigated vulnerabilities dating as far back as 2017 to gain access to what we call an Intel Unlocked state (aka 'Red Unlocked') so these findings are not surprising.”
Intel also noted that in this case the researchers were only able to retrieve the keys in their encrypted state, not as plain text. This would leave any attacker with plenty of extra work in order to complete their system compromise.
Fortunately, the chipmaker said the remedy is straightforward. System vendors can close off the attack by shipping the latest firmware builds and enabling the Flash Descriptor write protection Intel recommends at end of manufacturing, while administrators can make sure their systems are fully updated and have Intel Firmware Version Control enabled.
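The write protection Intel refers to lives in the Flash Descriptor at the start of the SPI flash image, where the FLMSTR entries say which flash master (host BIOS, ME, GbE) may read or write each region. A descriptor that is still writable by the host is the open door a "Red Unlocked" attacker walks through. The following parser, an added example that is not from the article, Intel or Positive Technologies, decodes those permissions from a dumped flash image and flags any master that can overwrite the descriptor itself. It assumes the classic pre-Skylake descriptor layout (read access in bits 20:16, write access in bits 28:24 of each FLMSTR); newer parts move those fields and would need a different decoder. The sample images it builds are constructed for illustration, not dumps from real hardware.

```python
"""Decode Intel Flash Descriptor master permissions from a SPI flash dump.

Added example (not from the article or from Intel). Assumes the classic
descriptor layout: signature at 0x10, FLMAP1 at 0x18 giving the Flash
Master Base Address (FMBA) and master count, and for each FLMSTRn
bits 20:16 = region read access, bits 28:24 = region write access.
"""
import struct

FLVALSIG = 0x0FF0A55A  # descriptor signature, stored at flash offset 0x10
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "PlatformData"]
MASTER_NAMES = ["BIOS(host CPU)", "ME", "GbE"]


def parse_descriptor(image: bytes) -> dict:
    """Return {master: {"read": [...], "write": [...]}} from a raw flash image."""
    if len(image) < 0x20:
        raise ValueError("image too small to hold a flash descriptor")
    sig, _flmap0, flmap1 = struct.unpack_from("<III", image, 0x10)
    if sig != FLVALSIG:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    nm = ((flmap1 >> 8) & 0x3) + 1  # number of masters described
    fmba = (flmap1 & 0xFF) << 4     # Flash Master Base Address (in 16-byte units)
    masters = {}
    for i in range(min(nm, len(MASTER_NAMES))):
        (flmstr,) = struct.unpack_from("<I", image, fmba + 4 * i)
        read = (flmstr >> 16) & 0x1F   # bits 20:16, one bit per region
        write = (flmstr >> 24) & 0x1F  # bits 28:24, one bit per region
        masters[MASTER_NAMES[i]] = {
            "read": [REGION_NAMES[b] for b in range(5) if read & (1 << b)],
            "write": [REGION_NAMES[b] for b in range(5) if write & (1 << b)],
        }
    return masters


def descriptor_writers(masters: dict) -> list:
    """Masters that are allowed to overwrite the descriptor region itself."""
    return [name for name, perms in masters.items() if "Descriptor" in perms["write"]]


def is_descriptor_locked(image: bytes) -> bool:
    """True when no flash master may write the descriptor region."""
    return not descriptor_writers(parse_descriptor(image))


def build_sample_image(flmstr_values) -> bytes:
    """Constructed 4 KiB image for testing: descriptor header plus FLMSTR entries at FMBA=0x60."""
    img = bytearray(b"\xff" * 0x1000)
    fmba = 0x60
    flmap0 = 0x00040003  # FCBA=0x30, NC=1, FRBA=0x40, NR=1 (not decoded here)
    flmap1 = ((len(flmstr_values) - 1) << 8) | (fmba >> 4)
    struct.pack_into("<III", img, 0x10, FLVALSIG, flmap0, flmap1)
    for i, value in enumerate(flmstr_values):
        struct.pack_into("<I", img, fmba + 4 * i, value)
    return bytes(img)


# Constructed samples (hypothetical values, not real vendor settings):
# "locked": host may write BIOS/GbE/PlatformData only; ME and GbE masters
# may write only their own regions. "unlocked": every master may write everything,
# the state a board is in before end-of-manufacturing.
LOCKED_IMAGE = build_sample_image([0x1A1B0000, 0x04050000, 0x08090000])
UNLOCKED_IMAGE = build_sample_image([0x1F1F0000, 0x1F1F0000, 0x1F1F0000])


def report(image: bytes) -> str:
    masters = parse_descriptor(image)
    lines = [f"{m}: read={p['read']} write={p['write']}" for m, p in masters.items()]
    writers = descriptor_writers(masters)
    verdict = "LOCKED" if not writers else f"UNLOCKED (descriptor writable by {writers})"
    return "\n".join(lines + [verdict])


if __name__ == "__main__":
    # Replace the samples with the contents of a real SPI dump to check a board.
    print(report(LOCKED_IMAGE))
    print(report(UNLOCKED_IMAGE))
```

Run it against a dump taken from the board's SPI flash; a result other than LOCKED means the descriptor, and with it the region permissions for the ME and BIOS regions, can still be rewritten from the host, which is the configuration Intel's advisory says the researchers relied on. Tools such as chipsec perform the equivalent check on a running system by reading the chipset's flash access registers rather than a dump.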
Hardware-level attacks are often seen as a holy grail for attackers: a foothold below the operating system gives not only complete control over the target machine but also persistence that survives updates and reinstallation.
Fortunately, such attacks are rare in practice, and most either require physical access to the system or take impractically long to complete.