Intel users beware! Hackers have now discovered a new method to hide malware inside the security Intel SGX enclaves. Usually, the Intel Software Guard eXtensions (SGX) is a technology that’s used by app developers as a security measure against unwanted data modification or disclosure.
Intel SGX also allows developers to execute application code through a secret enclave.
Expert researchers have created a new technique that enables them to introduce malicious code in a protected memory area, which makes it nearly impossible to detect.
Ideally, enclaves should be protected from higher privilege processes, including BIOS, kernel, SMM and even the operating system.
The team of experts that discovered this vulnerability is the same one that found the Spectre-Meltdown CPU loophole. It consists of researchers Daniel Gruss, Samuel Weiser and Michael Schwarz from the University of Technology in Austria.
Through their research, they created a pathway that allowed them to install malware that was able to circumvent security protection by hiding in malicious enclaves.
According to the experts, the host application uses an interface to communicate with the enclave. The funny thing is that the interface is supposed to protect the app from the enclave and yet it ends up becoming an access point.
For the purpose of their research, the experts used TSX, as well as a technique known as TSX-based Address Probing (TAP). The latter is a read primitive system that enables researchers to build a code reuse attack which can be inadvertently executed by the host application. In this instance, the technique was used in conjunction with a write-anything-anywhere primitive.
The SGX-ROP allowed the researchers to bypass all security measures, including address sanitizer, stack canaries, and ASLR.
In case you’re wondering, the whole point of this exercise was to show that SGX poses a threat to users instead of protecting them as it should. It exposes users to exploitation and super-malware infiltration.
How It Works
First, the researchers created a write primitive called Checking Located Addresses for Writability or CLAW for short. This was to find out if it was possible for them to write in a memory page. Within the primitive is the memory page write instruction.
Since it’s bundled within a TSX transaction, it’s able to abandon the transaction just in time to avoid detection.
The experts analyzed the transaction’s return value in order to decide if it was possible to write in a specific memory page. Once the malware is introduced into the enclaves, it’s vulnerable to detection by security software like address sanitizer, stack canaries, ASLR and others.
However, SGX is able to circumvent malware inspection through strong integrity guarantees and confidentiality. The researchers pointed out that this opened the software to other potential threats like next-generation ransomware that can also use the enclave as a gateway. The latter could even go as far as to inhibit ransomware recovery tools from working altogether.
Conclusion
The researchers concluded their research by publishing their findings in the form of a proof-of-concept exploit that could circumvent ASLR, address sanitizer, stack canaries and other security measures in under 30 seconds.
In response to these findings, Inter announced that it would roll out hardware and software mitigations designed to counter this type of attack in particular. Keep in mind that the experts were able to bypass address sanitizer, stack canaries and ASLR using SGX-ROP. This allowed them to facilitate practical enclave malware by running ROP gadgets through the host itself.
The good news is that this SGX loophole was discovered by experts before it could be leveraged by cybercriminals for sinister means.