cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Discovery casts dark shadow on cyber security says CSIRO’s Data61

Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, which can be exploited to bypass Intel processors’ secure enclaves to access memory and data.

user iconStephen Kuper
Thu, 16 Aug 2018
cyber warfare
expand image

The vulnerability affects Intel’s Software Guard Extension (SGX) technology, a new feature in modern Intel CPUs that allows computers to protect users’ data in a secure ‘fortress’ even if the entire system falls under an attacker’s control.

The two teams that independently and concurrently discovered Foreshadow have published a report on the vulnerability, which causes the complete collapse of the SGX ecosystem and compromises users’ data.

"SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication, or to prevent content being downloaded from video streaming services," Dr Yuval Yarom, from CSIRO's Data61 and University of Adelaide's School of Computer Science, said.


The researchers reported these findings to Intel earlier this year, and the company’s own analysis into the causes of the vulnerability led to the discovery of a new variant of Foreshadow, called Foreshadow-NG, which affects nearly all Intel servers used in cloud computing.

Foreshadow-NG is theoretically capable of bypassing the earlier fixes introduced to mitigate against Meltdown and Spectre, potentially re-exposing millions of computers globally to attacks.

"Data61 has also joined the RISC-V Foundation's security task group, which aims to prevent the likes of Meltdown and Spectre from occuring again," said Adrian Turner, CEO of Data61, saying further that this significant discovery shows the far-reaching impact of Meltdown and Spectre and reinforces the role of research for discovering and preventing flaws.

Intel has since released patches, updates and guidelines to resolve both Foreshadow and Foreshadow-NG. Researchers have not yet tested if similar flaws exist in processors of other manufacturers.

"Data61 has also joined the RISC-V Foundation's security task group which aims to prevent the likes of Meltdown and Spectre from occurring again," Turner said.

Foreshadow is a speculative execution attack on Intel processors that allows an attacker to steal sensitive information stored inside personal computers or third-party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and the next-generation version, which affects virtual machines, hypervisors, operating system kernel memory, and system management mode memory.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.