A new Plundervolt attack is impacting Intel CPUs, an expert from KnowBe4 offers perspective.
“Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through priviledged software interfaces. With Plundervolt we showed that these software interfaces can be exploited to undermine the system’s security. We were able to corrupt the integrity of Intel SGX on Intel Core processors by controling the voltage when executing enclave computations. This means that even Intel SGX’s memory encryption/authentication technology cannot protect against Plundervolt.” – Source: https://plundervolt.
With the Intel CPUs in a majority of systems worldwide, it will be important for end users to apply the Intel patches as soon as possible. This vulnerability is now known and the exploit is available for all attackers to utilize against them.
Organizations\’ internet facing systems are among the largest attack vectors for criminals to attempt to exploit, especially when they are unpatched. These systems present an unnecessary risk for organizations that can be updated with a robust security program, including change management.