[2020-03-11] Intel SGX Vulnerability Discovered, Cryptocurrency Keys Threatened

[NeuroticFish]

Yet another vulnerability of CPUs was found.

A vulnerability has reportedly been discovered in Intel’s Software Guard eXtensions (SGX) allowing passwords, encrypted keys, and other sensitive data to be siphoned from a computer’s memory.

"Attacks are not expected to target consumer computers" seems to be somewhat reassuring, although I'd not be so sure about this.


Stay safe. Keep as much funds as you can offline.

[squatter]

This is a very interesting attack. It reverses Meltdown-style attacks, defeating all of the associated mitigations. https://lviattack.eu/

LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations. Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — "inject" — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.

Crucially, LVI is much harder to mitigate than previous attacks, as it can affect virtually any access to memory.

"Attacks are not expected to target consumer computers" seems to be somewhat reassuring, although I'd not be so sure about this.

An attack does seem difficult to mount, at least presently:

Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted. New mitigation guidance and tools for LVI are available now and work in conjunction with previously released mitigations to substantively reduce the overall attack surface.

The difficulty in carrying out LVI attacks isn’t the only limitation. The data the attacks can acquire is also restricted to that stored at the time the malicious code is executed. That makes exploits either a game of luck or further adds to the rigorous requirements for exploitation. For those reasons, many researchers say they’re unsure exploits will ever be used in active malicious attacks.

[NeuroticFish]

An attack does seem difficult to mount, at least presently:

Since people still install cracked versions of Windows (I fail to understand why), I still have my doubts on how difficult it is to mount.
But I am not that technical, so maybe I am wrong.
On the other side... there may be easier-to-be-achieved ways to steal user data if the OS is already compromised.

[Carlton Banks]

this can only be a problem as part of an attack on your computer. on it's own, it's not dangerous. So sure, the hacker's toolkit has widened it's range, but it doesn't matter much if you have good mitigations against OS-level attacks against stealing your private keys.

and please, can we dispel this nonsense myth about anti-virus protecting your computer? only those that do not understand anything about how anti-virus software works say this sort of thing. To keep your computer secure, use a secure OS (i.e. not Windows or macOS) and learn how to enable and use the enhanced security features in that OS (i.e. Linux or BSD). There are no shortcuts to computer security, you need to actually do some work I'm afraid

[buwaytress]

Far too technical for my knowledge, but whatever the case, definitely keep your private keys offline. I don't do it for everything, I actually still have various wallets always on a device connected to the net, but they're wallets I use a lot with non-significant amounts. And the tradeoff for convenience isn't really worth the hassle of accessing them regularly from cold storage. But things like these do make me wonder about my computer.

It's a regular, legal Windows I coughed up for. I know Carlton's right so I know my computer isn't the best place to keep what I can't afford to lose. For everything else, though, relying on the critical updates and just generally not installing crap and practising good basic password is probably good enough... right?

[Lucius]

Well, when I read about Meltdown and similar vulnerability back in 2019 I start to think about some alternatives to Intel. So I decided to give AMD a chance and I buy device with AMD CPU, and few years before that I move all BTC to hardware wallet. The only thing I haven't done yet is switch to Linux, but for now, I do not consider the W10 to be some kind of security threat to my online activities.

The only way to protect ourselves is to always try to stay at least one step ahead of the hackers.

[Carlton Banks]

It's a regular, legal Windows I coughed up for. I know Carlton's right so I know my computer isn't the best place to keep what I can't afford to lose. For everything else, though, relying on the critical updates and just generally not installing crap and practising good basic password is probably good enough... right?

well, I was tailoring that rhetoric to everyone, which includes people with old versions (i.e. W7, that no longer gets MS security updates) or cracked versions.

Still, even newest Windows (is it at version 11 yet?) is still a product with:

• unknown security properties. It's not at all easy (impossible in practical terms) to know what the code in Windows does, this is not a good guarantee
• high likelihood of intentional security flaws, so that Microsoft's friends in the state surveillance offices can obtain commercial and/or state secrets from rival gangsters corporate partners
• a poor record when it comes to security for the entire ~ 40 year history of the product

the more BTC you have, the less you ought to trust Windows (or Mac), as trust is literally all you've got. With Linux or BSD, you've got the same software that's been keeping the whole internet running since the 1990's.

[hatshepsut93]

Far too technical for my knowledge, but whatever the case, definitely keep your private keys offline. I don't do it for everything, I actually still have various wallets always on a device connected to the net, but they're wallets I use a lot with non-significant amounts. And the tradeoff for convenience isn't really worth the hassle of accessing them regularly from cold storage. But things like these do make me wonder about my computer.

If you have a proper cold storage setup, you only need to worry about airgap-jumping malware (which as far as we know doesn't even exist yet), or a malware that tries to edit unsigned transactions - so make sure do tipple-check your transactions before signing and broadcasting.

I think it's reasonable to hold small amounts that you can afford to lose on an online machine, the convenience that you get is worth the small risk if you are taking the right measures to protect your system (mainly just not installing some junk).

[buwaytress]

@Carlton: I don't disbelieve for one moment all you say about Windows (think it's still at 10 which is what I'm on). I actually skipped a lot of Windows as I got stuck on 98 and XP for the entire rest of the noughties and only got on Windows 10 in 2016. So I have witnessed myself all the flaws. But a mix of convenience, some minor gaming needs, and office requirements has kept me on the system. But, this sense of acceptable security I've lulled myself into still won't let me store the bulk of my btc on the device ever!

@hatsheput: Yeah, I've never made a wrong tx since using in 2016, I think triple is the least I do, force of habit even before using bitcoin. I could never really understand how people send to wrong addresses. To be fair though I actually only check the first and last few characters, but that's more than enough anyway! And exactly, I keep small(er) wallets on my device as it's super convenient. I've never (to my knowledge) been compromised. I definitely don't install junk, except when work requires.

@ETF: Yeah I only recommend an AV for people like my parents, though I generally set up their browsers for them and remotely clean/scan for them every now and them. I had an AV in the 1990s to early 2000s (AVG) and it was probably needed a lot on a win98 with navigator. But I've never used one on my newer devices. Most prevention is now from the browser or from just generally minimalist use.

[NotATether]

Belated response but I believe it's worth explaining what SGX does so that people have a better idea of what's at risk. First of all, SGX is only found on Intel processors so anything running on AMD/ARM cpus aren't threatened by this. Even with all those processors rules out, SGX only exists on newer Intel processors. Instead of putting the list here which risks getting outdated, I will show you how to find the list of processors yourself:

• Go to Intel's ARK page at https://ark.intel.com/content/www/us/en/ark/search/featurefilter.html?productType=873&2_SoftwareGuardExtensions=Yes%20with%20Intel%C2%AE%20ME, for the following to work keep clicking on "Show More" until all the processors are listed
• Open your browser's developer tools, and go to the javascript console
• This javascript code I made will fetch the list of processor names from the list:

Code:

for (e of document.getElementsByClassName('ark-product-name')) {
	console.log(e.textContent)
}

What this outputs is the list of all processors that have SGX on them. Then you can search through the list to see if your processor is there (edit: here's a pastebin of the current list of cpus).

Second, as of July 2019 SGX instructions still aren't used by the Linux kernel because it doesn't support SGX yet. The patches haven't been merged. And the link only described the 21st revision of the patch. We are now at the 28th revision of the patch which was submitted to the mailing list 3 days ago. In other words, no linux kernel version has sgx support.

As for Windows, I would worry more about that because Intel has published SGX drivers for Windows some time ago. So anyone running the affected CPUs on Windows is at risk, while Linux users aren't.  Apparently MacOS doesn't support SGX either, but that is not an official statement and this is only people's speculation. My guess is macs older than 2017 for sure don't have SGX support in the OS but again, this is a speculation.

Third, assume at this point that we are running bitcoin full nodes and SPVs on Linux. Since it doesn't have support for SGX, how are any of them vulnerable to this attack that steals stuff from SGX memory, when they can't put anything in SGX memory in the first place? There's a much greater chance that someone's going to use this to break a Windows DRM than attempt to use it to steal (hypothetical) cryptocurrency-related keys that may be stored in SGX.

[NotATether]

While it's not included on Linux kernel, apparently Intel release it's driver open-source at https://github.com/intel/linux-sgx. The good thing is you must compile from source and it's not available on Debian/Ubuntu repository.

Not sure if you're using Clear Linux which created by Intel though

Intel has SGX packages for Ubuntu, Red Hat, SUSE, CentOS and Fedora which I found at their 01.org portal https://01.org/intel-software-guard-extensions/downloads. As for Clear Linux, I could not find this driver packaged in any of its packages, so it's safe to say that Clear Linux doesn't have sgx support either as it's neither listed as one of the required distributions to build the SGX driver on, nor has a binary RPM built for this distribution (and using a kernel-driver RPM built with another distro runs the risk of breaking your system).

[Harlot]

Anandtech made an article about this last week and what seems to be the problem here is even there 10th gen processors are also affected by the vulnerability. Intel said that they will launch an update for this LVI issue but since the date of the writing I haven't seen any actual fix for the problem. They may not be making this a priority since even Intel themselves thinks that the attack is too complicated to happen with their SGX system, but if you are a consumer words like this are not enough since you won't really have a peace of mind knowing that your pc is vulnerable because of your cpu. I'm just lucky that my desktop right now have a Ryzen cpu but for the owners of Intel cpus I won't be confident to store my crypto on my own system.