Foreshadow threatens confidential data in cloud environments

Not only software is prone to having bugs, but hardware as well. After the discovery of Meltdown and Spectre, this is not a huge surprise anymore. Now two research teams have developed a new attack the dubbed "Foreshadow", or L1TF ("Level 1 Terminal Fault"). Those attacks specifically target the security components of a CPU. The affected components include access to pagetables and also Intel's specially secured "Secure Enclave", called Software Guard Extensions (SGX). Researchers of several different universities had initially put their focus on Intel's SGX technology and also reported their findings to Intel. The chip maker then conducted additional research and found that the attack reported to them has a broader impact than initially expected. Foreshadow was reported to Intel just a few days before the reports on Meltdown and Spectre were released to the general public.

The details are very complex and have numerous parallels to Meltdown and Spectre (see also our blog article on Meltdown and Spectre). Just as the attacks discovered earlier this year, Foreshadow puts an unauthorized user in a position to access memory areas which he would not normally have access to. This is especially problematic in cloud environments, where a would-be attacker could potentially access a memory area assigned to a different virtual machine hosted on the same physical hardware.

In all, there are three variants to attack the security architecture. If you are interested in the details of this, we recommend reading the research paper titled „Foreshadow: Extracting the keys to the Intel SGX Kingdom with Transient Out-of-Order Execution“ (PDF document, opens in a new window). The fact of the matter is that Foreshadow does not require elevated privileges in order to work. Unlike Meltdown/Spectre, which require administrator permissions to carry out the attack, regular user permissions are sufficient for Foreshadow.

Several components can be attacked - similar to what Meltdown and Spectre do, an attacker could leverage what is called "speculative execution". This method is used to expedite certain processes by preloading specific instructions which have not yet been requested.

Currently, the processors susceptible to the Foreshadow attacks are Intel's Core i3, i5 and i7 line of CPUs as well as the corresponding XEON processors. Those processors are used in millions of PCs and servers worldwide and therefore offer a large attack surface. This naturally gives rise to the question of who needs to worry about the impact of Foreshadow. The authors explicitly mention cloud services (see p.3, Ch. 2.2):

The attacks described in the paper are technically very complex and impressive. However, home users are not in any immediate danger. "The attacks described in the research affect a large number of systems all over the world. It is therefore understandable that people are very concerned. The good news is that manufacturers are not completely unprepared. Microcode updates which mitigate the issue have been delivered a while ago, so there is no reason to panic", says G DATA Security Evangelist Tim Berghoff.

„Intel has also stated that those mitigation measures will eventually find their way into the manufacturing process. As far as we are aware, there is no malware which makes use of this highly complex attack. Remember, many predicted after Meltdown and Spectre that "everybody" would eventually make use of the attack - we have not seen any evidence of this happening in reality.“

Intel's microcode updates are usually delivered either via mainboard manufacturers or system builders. In case there is no support from those anymore, you can still get them through Microsoft's update catalog. In Linux systems, the microcode is automatically loaded into the CPU registers. No user interaction is required here. Intel provides comprehensive information around Foreshadow in their newsroom. According to Intel, the microcode updates which address the Foreshadow attacks have no impact on the CPU's performance. Microsoft has also provided updates.

Intel's SGX technology is part of all their modern processors, but is only used by a selected range of applications. One of those applications is the cryptocurrency startup "Ledger", which uses the SGX technology to secure blockchain transactions such as buying or selling cryptocurrencies like Bitcoin or Monero. Transactions can be performed within a secure framework which is inaccessible to any malware that might be present on a system - until now. The corresponding functions are implemented in the Core iX line of CPUs following the "Skylake" generation.

Furthermore, SGX is used in cloud environments. The crypto messenger application Signal, for instance, uses the function to sync address books uploaded by the user in order to find out which contacts also use Signal without learning the actual phone-numbers. In the past few years, there have been several attacks by researchers on data in the secured enclave which resulted in them being able to use a side channel attack to obtain private RSA keys.

• L1 Terminal Fault - SGX aka Foreshadow (CVE-2018-3615)
• L1 Terminal Fault - OS/SMM aka Foreshadow-NG (CVE-2018-3620)
• L1 Terminal Fault - VMM aka Foreshadow-NG (CVE-2018-3646)