Intel's SGX may throw malware developers a huge bone

maurvir
Posts: 25358
Joined: Mon Nov 15, 2010 10:13 pm
Title: Steamed meat popsicle


Post by maurvir »

https://arstechnica.com/gadgets/2019/02 ... comments=1

Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks.

The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.
Betonhaus
Posts: 2911
Joined: Thu Aug 30, 2018 10:25 pm

Post by Betonhaus »

Whoops. I'm assuming AMD processors might have the same vuln?
Ribtor
Posts: 9363
Joined: Sun Nov 28, 2010 3:45 pm

Post by Ribtor »

I've been waiting for Meltdown and Spectre to kill us all, and now this.
Pyke notte thy nostrellys
avkills
Posts: 3127
Joined: Sun Nov 14, 2010 9:46 am
Location: Everywhere

Post by avkills »

It seems like the more hardware-based protection gets, the worse overall the problem becomes.
"Killing them dead till they believe"
† The Church of Mark †
Ribtor
Posts: 9363
Joined: Sun Nov 28, 2010 3:45 pm

Post by Ribtor »

Or the more meaningless.
Pyke notte thy nostrellys