A multi-national team of researchers has disclosed a new attack, which it dubbed SmashEx, that can be used to collect and corrupt data from secure enclaves that rely on runtimes that interact with Intel's Software Guard Extension (SGX) technology.
Intel SGX is used to enable Trusted Execution Environments on compatible CPUs, and the researchers who discovered SmashEx said this "allows user applications to be partitioned into hardware-isolated compartments called enclaves, which are protected from privileged system software (e.g., hypervisor and the OS)." The enclaves are in turn supposed to ensure the security and integrity of their contents. Compromising those enclaves could give attackers access to vital information.
SmashEx isn't the first attack on Intel SGX; researchers demonstrated the first practical malware targeting the platform in February 2019. The Record cited 10 other attacks on the technology in its report, too, which shows it's a fairly popular target.
But the team that discovered SmashEx said this attack is novel for a few reasons. "SmashEx is the first attack that demonstrates the exception handling attack vector on Intel SGX," it said. "SmashEx does not assume any side channels or pre-existing memory safety bugs in the enclaved application code. [...] Unlike side-channel attacks on SGX enclaves such as Spectre and controlled-channel attacks, SmashEx can directly corrupt the enclave private data and break the enclave integrity."
The researchers shared two screenshots to demonstrate SmashEx's capabilities. The first contains "an in-enclave RSA private key from Intel SGX SSL" that would be used to encrypt traffic secured via the HTTPS protocol. The second depicts the team "dumping all enclave data from Open Enclave cURL," a ubiquitous program that "is used daily by virtually every Internet-using human on the globe," per its maintainers. (With Open Enclave being Microsoft's cross-platform software development kit.)
Here's the good news: The researchers waited until Intel patched SGX and Microsoft patched Open Enclave to disclose their attack. Intel has shared more information about the attack and its mitigations under the CVE-2021-0186 identifier; Microsoft did the same for Open Enclave via the CVE-2021-33767 identifier. Assuming system administrators install those patches—which is always a dangerous assumption to make—that should limit SmashEx's reach despite the attack's public disclosure.
Here's the bad news: The researchers confirmed that SmashEx can be used against seven other runtimes from Arm, Google, and Apache, among others. They also said that "if the runtime you are using is based on any of the runtimes listed above, you are almost certainly affected," and that other runtime developers would have to see if they're affected by this attack as well. Once those affected runtimes have been discovered, they'll have to release their own patches to resolve this problem.
More info about SmashEx can be found on its website and the paper detailing the attack. It was discovered by Jinhua Cui, Zhijingcheng Yu, and Prateek Saxena from the National University of Singapore as well as Shweta Shinde from ETH Zurich.