Plundervolt, an undervolting attack targeting Intel central processing units (CPUs), has recently garnered attention in the cybersecurity community. The attack exploits a vulnerability in certain Intel chips, allowing attackers to manipulate the chip’s power supply and corrupt its operations. This vulnerability poses a significant threat to the security of sensitive data stored on Intel CPUs.
The Plundervolt attack takes advantage of the voltage regulator feature included in certain Intel chips, which enables users to regulate power flow to the chip. Attackers can systematically reduce the core chip voltage until a fault occurs, effectively breaching the chip’s built-in security measures called Software Guard Extensions (SGX). SGX protects sensitive data by storing it in memory enclaves, separate secure areas that are inaccessible even to users or attackers with high-level privileges. However, by inducing faults in the computations that write data to these enclaves, Plundervolt attackers can cause sensitive information to be misplaced or exposed outside of the protected area.
The potential impact of Plundervolt is significant, as it can corrupt encryption keys and cryptographic processes. If attackers gain access to these keys, they can neutralize the chip’s SGX, potentially leading to privilege escalation and information disclosure attacks. Plundervolt is often compared to other SGX-centric attacks like Foreshadow and Spectre, which also exploit hardware vulnerabilities to compromise sensitive data. However, Plundervolt uniquely targets the processes surrounding the data, while Foreshadow and Spectre directly target the data itself.
To successfully execute a Plundervolt attack, attackers require root privileges to the target device’s operating system. The voltage mechanism, or model-specific register (MSR), used in the attack is only accessible to authenticated users. Attackers can gain root privileges through physical or remote access to the target device, providing an opportunity to manipulate the processor’s voltage. Plundervolt effectively invalidates the guarantee of SGX, as the protected enclaves are no longer secure when subjected to the attack. It is worth noting that Plundervolt attacks are only viable when attackers have this level of access.
Another comparable CPU security threat is Rowhammer, which shares similarities with Plundervolt. Rowhammer exploits hardware vulnerabilities to undermine CPU security but focuses on altering data already in the processor’s memory. Unlike Plundervolt, Rowhammer does not work on newer CPUs with SGX-protected memory. SGX ensures that data stored in physical memory cannot be modified outside of the protected environment, making it resilient against Rowhammer attacks.
Plundervolt affects a wide range of Intel Core processors, including the 6th to 10th generation Intel Core processors, v5 and v6 of the Xeon E3 series, and the Xeon E-2100 and E-2200 series. Intel has released firmware patches to address the Plundervolt vulnerability, locking the voltage settings on processors by default to prevent unauthorized changes. Users are strongly advised to install these patches, which come in the form of a microcode update and a BIOS update.
While end users are not the primary targets for Plundervolt attacks, it remains a significant threat, particularly for high-value targets. The attack requires a specific hardware vulnerability, which cannot be entirely fixed through software patches alone. Hardware changes are necessary to mitigate the threat fully. Rambus, a silicon chip provider, recommends implementing a secure coprocessor separate from the main processor to enhance security. This approach isolates sensitive processes and provides an additional layer of protection against Plundervolt attacks.
It is crucial for users to consider additional mitigation measures, such as limiting the voltage regulator to known safe values and performing thorough testing to establish these values. While this approach presents challenges, it avoids the need for new hardware and allows for the continued use of the voltage mechanism.
In conclusion, Plundervolt poses a significant threat to Intel CPUs, potentially exposing sensitive data and undermining chip security measures. Intel has released firmware updates to mitigate the vulnerability, but hardware changes are necessary for a complete fix. Implementing additional security measures, such as separate coprocessors and limiting voltage regulator values, can further mitigate the risk of Plundervolt attacks.