Critical vulnerabilities found on Intel mini PC CPUs

Web application security researchers from three different European universities have revealed a vulnerability affecting Intel mini PC CPUs. The flaw, dubbed Plundervolt by the researchers, is exploited by abusing an operating system feature to take control of the targeted device's CPU frequency and voltage, which allows data inside Intel SGX to be manipulated.

The vulnerability lets an attacker adjust the frequency and voltage of Intel CPUs in order to reach secure data held in Intel Software Guard Extensions (SGX). Altering the frequency changes the behaviour of computations running under SGX, which can be used to extract user information such as encryption keys.
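To make the mechanism concrete from the defender's side, the following added example (not code from the researchers or from Intel) simulates a single corrupted intermediate result inside an RSA-CRT signing routine, the kind of faulty computation that the article says can leak keys, and shows the standard software countermeasure: verify every signature before releasing it, and refuse to emit one that fails. The key size, the message value and the fault model are all constructed for illustration; nothing here touches real voltage or frequency settings.

```python
"""Simulated computation fault inside a signing routine and the verify-before-release check.

Constructed example: a toy RSA key far too small for real use, plus a fault model that
XORs a mask into one intermediate value, standing in for a corrupted multiplication.
"""

# Constructed toy RSA parameters (assumption: both P and Q are prime; they are).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+ modular inverse)


def sign_crt(m, fault_mask=0):
    """RSA signature of integer m < N using the Chinese Remainder Theorem.

    fault_mask, when non-zero, is XORed into the mod-P half of the computation,
    modelling one intermediate result corrupted by an injected hardware fault.
    """
    dp, dq = D % (P - 1), D % (Q - 1)
    sp = pow(m, dp, P) ^ fault_mask   # <-- simulated fault lands here
    sq = pow(m, dq, Q)
    qinv = pow(Q, -1, P)
    h = (qinv * (sp - sq)) % P
    return sq + h * Q                  # recombined signature


def verify(m, s):
    """Public-key check: the signature must satisfy s^E == m (mod N)."""
    return pow(s, E, N) == m % N


def sign_checked(m, fault_mask=0):
    """Defensive wrapper: never release a signature that fails self-verification.

    A faulty signature leaving this function is exactly what a fault-injection
    attacker wants to see, so the check turns a silent key leak into a loud error.
    """
    s = sign_crt(m, fault_mask)
    if not verify(m, s):
        raise RuntimeError("signature failed self-check; possible injected fault")
    return s


if __name__ == "__main__":
    msg = 12345                                  # constructed message value
    print("clean signature verifies:", verify(msg, sign_crt(msg)))
    print("faulted signature verifies:", verify(msg, sign_crt(msg, fault_mask=1)))
    try:
        sign_checked(msg, fault_mask=1)
    except RuntimeError as err:
        print("checked signer refused output:", err)
```

The check costs one public-key operation per signature, which is why it is a common recommendation for code that signs inside an enclave or other environment where the attacker may control the platform's physical operating conditions. The same idea (recompute or verify, then compare) applies to any computation whose wrong result would be observable to an attacker.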

As if that weren’t enough, exploiting this vulnerability allows a hacker to reintroduce into the operating system errors that had previously been corrected. The affected component has shipped by default on all Intel processors since 2015, so the scope of the attack is considerable. As web application security experts note, Intel SGX was designed to operate as a secure region within the CPU.

In their report, the experts explain that Plundervolt grew out of the analysis of other dangerous flaws affecting Intel systems, such as the Rowhammer and CLKscrew vulnerabilities, which enable complex malicious activity against Intel’s products.

One of the main conclusions of the research is that Plundervolt combines the two flaws mentioned above. The system modifications the vulnerability makes are enough to trigger multiple errors in Intel SGX features.

In addition, web application security experts at the International Institute of Cyber Security (IICS) say Plundervolt can alter the processes designed to protect information in Intel SGX. Despite the seriousness of the flaw, not all the news is bad: the vulnerability appears to be exploitable only locally, at least for now.

In theory, remote exploitation of Plundervolt requires a program running with administrative privileges; even when that theoretical requirement is met, remote exploitation of the flaw remains a highly complex process.