UPDATED 15:39 EDT / DECEMBER 10 2019

SECURITY

New ‘Plundervolt’ exploit affecting Intel chips uses electricity to steal data

A group of cybersecurity researchers today disclosed a vulnerability in Intel Corp. central processing units that can potentially be exploited to steal sensitive data and compromise otherwise secure applications. 

The researchers, hailing from three European universities, named the bug Plundervolt, in a nod to the somewhat unusual attack method it facilitates. Plundervolt enables hackers to compromise vulnerable systems by manipulating the amount of power that the CPU receives.

The attack exploits two separate chip components. One is the energy management interface inside Intel CPUs through which the operating system manages the voltage and frequency of a machine’s processor. To conserve power, modern CPUs continuously fine-tune how much electricity they draw based on the demands of the workload they’re running.

The other component Plundervolt-based attacks exploit is SGX. The technology, which Intel ships mainly with its business-grade CPUs, allows applications to carry out sensitive operations like data encryption in an isolated section of the processor. 

Intel designed SGX processor enclaves to remain secure even if a hacker somehow compromises the host machine. But Plundervolt allows attackers to bypass this barrier through subtle modifications to the processor’s power draw. By adding or subtracting a few extra millivolts at the exact moment a sensitive action is performed in an SGX enclave, it’s possible to introduce errors into the computation that create security gaps. 

Hackers could, for instance, slip faults into an application’s data encryption algorithm to facilitate future attacks. Or they might force the CPU to outright reveal the encryption key and other sensitive data. 

Plundervolt can theoretically be exploited remotely without hackers having to gain physical access to a processor. But they would still need to gain full root access to the operating system first. In other words, a server processor’s SGX enclave can be targeted only if a cybercriminal somehow manages to take over the entire machine.

Intel released microcode and BIOS patches ahead of the vulnerability’s disclosure today that will enable companies to insulate their machines against Plundervolt-based attacks. “We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible,” the chipmaker wrote in an advisory.

The researchers who discovered Plundervolt, in turn, have set up a website to inform the public about the issue. They said that Plundervolt affects Intel Core processors released since 2015 as well as the Xeon E3 v5, E3 v6, E-2100 and E-2200 server CPU families. 
