Foreshadow is Meltdown 2.0

Two international teams of researchers, including a member of CSIRO's Data61, have uncovered a new variant of the Meltdown hardware vulnerability threatening the integrity of Intel processes.

The teams independently and concurrently discovered Foreshadow, a major vulnerability that can be exploited to bypass Intel’s Software Guard Extension (SGX) technology.

Software Guard Extension is a feature in modern Intel CPUs designed to protect a user’s data in a secure fortress even when the entire system falls under a hacker’s control.

The Foreshadow exploit breaches the confidentiality of these fortresses, leaving the whole system vulnerable.

The exploit was first discovered and reported to Intel by a team from Belgian research university KU Leuven, and was discovered by a team that included Data61 researcher and University of Adelaide research associate Dr Yuval Yarom during the embargo period.

After the vulnerability was discovered, Intel’s own analysis of its causes led to the discovery of a new variant of the exploit, Foreshadow-NG, which affects nearly all Intel servers used in cloud computing. This exploit is also theoretically capable of bypassing the earlier fixes developed for the Meltdown and Spectre vulnerabilities.

“The SGX feature is widely used by developers and businesses globally, and this opens them up to a data breach that can potentially affect their customers as well,” Yarom warned.

“Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow. Intel’s discovery of the Foreshadow-NG variant is even more severe but will require further research to gauge the full impact of the vulnerability.”

Update:

After this article was published, an Intel spokesperson reached out to share the following comment:

“L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We’ve provided more information on our web site and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected. We’d like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion-Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue.”

More information on Foreshadow can be found on this Intel company blog post.

Image credit: ©stock.adobe.com/au/robsonphoto

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.