Plundervolt’s New Attack Affects Intel CPUs – Expert Comments

A new Plundervolt attack is impacting Intel CPUs, an expert from KnowBe4 offers perspective.

“Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through priviledged software interfaces. With Plundervolt we showed that these software interfaces can be exploited to undermine the system’s security. We were able to corrupt the integrity of Intel SGX on Intel Core processors by controling the voltage when executing enclave computations. This means that even Intel SGX’s memory encryption/authentication technology cannot protect against Plundervolt.” – Source: https://plundervolt.com/

Experts Comments

December 11, 2019
James McQuiggan
Security Awareness Advocate
KnowBe4
With the Intel CPUs in a majority of systems worldwide, it will be important for end users to apply the Intel patches as soon as possible. This vulnerability is now known and the exploit is available for all attackers to utilize against them. Organizations' internet facing systems are among the largest attack vectors for criminals to attempt to exploit, especially when they are unpatched. These systems present an unnecessary risk for organizations that can be updated with a robust security.....Read More
With the Intel CPUs in a majority of systems worldwide, it will be important for end users to apply the Intel patches as soon as possible. This vulnerability is now known and the exploit is available for all attackers to utilize against them. Organizations' internet facing systems are among the largest attack vectors for criminals to attempt to exploit, especially when they are unpatched. These systems present an unnecessary risk for organizations that can be updated with a robust security program, including change management.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.