scroll down

Another Spectre Based Exploit, SgxPectre, Discovered That Kills The SGX

With the discovery of Spectre and Meltdown security flaws, Intel has been facing a lot of problems including lawsuits and seems like these problems are just increasing in numbers as another Spectre Based Exploit has been uncovered that kills the software guard extensions (SGX).

Researchers at Ohio State University have uncovered another Spectre Based Exploit called SgxPectre which disables the SGX. For those who don’t know, SGX allows a software to run in an isolated corner of the processor which has separate memory and is also separate from the OS.

The Spectre Based Exploit, SgxPectre, allows the isolated software to be cracked. In simple words, this exploit can abuse the branch prediction ability to leak information. According to Intel, they are aware of the exploit.

We are aware of the research paper from Ohio State and have previously provided information and guidance online about how Intel SGX may be impacted by the side channel analysis vulnerabilities. We anticipate that the existing mitigations for Spectre and Meltdown, in conjunction with an updated software development toolkit for SGX application providers — which we plan to begin making available on March 16th — will be effective against the methods described in that research. We recommend customers make sure they are always using the most recent version of the toolkit

In related news, Intel has promised hardware fix for Spectre and Meltdown for its upcoming line of processors.

According to Intel CEO Brian Krzanich, the company is working on a hardware fix for its next line of processors that will be available in 2019. the company plans ‘in-silicon” fixes by the end of the year.

Furthermore, Raja Koduri has teased something big at Intel which comes following Intel revealed GPU prototype. The prototype chip has 1.5 billion transistors, the frequency range from 50 MHz at 0.51 volts to 400 MHz at 1.2 volts.

Do you think Intel will be able to salvage its reputation following the discovery of Spectre and Meltdown exploits? Let us know in the comments.

Source: Fudzilla