sincity Posted February 13, 2019

A team of researchers have discovered a way to run malicious code on systems with Intel chips in such a way that antivirus software is unable to detect it.

When the chip giant released its Skylake processors back in 2015, the company included a new feature called Software Guard eXtensions (SGX) that allows developers to isolate applications inside secure enclaves. The enclaves operate within a hardware-isolated section of the CPU's processing memory where applications can carry out operations dealing with sensitive details such as encryption keys, passwords, user data and more.

Researchers Michael Schwarz, Samuel Weiser and Daniel Gruss (who helped discover last year's Spectre attack) published a paper detailing how they were able to use SGX enclaves to hide malware that is undetectable by today's security solutions.

Malicious enclaves

Intel has made it difficult to create and load a malicious enclave by requiring SGX to only accept and launch enclaves that have been signed with a signature key from an internal whitelist of approved keys.

While these keys are usually only given to approved developers, the researchers discovered four ways an attacker could gain access to a signature key to sign a malicious enclave. A malicious enclave would still have difficulty infecting a system because SGX enclaves are restricted to a few commands and lack access to the operations carried out by a local operating system. However, the researchers were able to bypass this limitation by using a return-oriented programming (ROP) exploitation technique to piggy-back on Intel Transactional Synchronization eXtensions (TSX).
This gave the enclave access to a wider set of commands than normal which could be used to carry out an attack.

Despite the fact that the team exploited SGX to run malicious code for research purposes, the discovery has huge cybersecurity implications since today's security products are unequipped to detect malware running inside an SGX enclave.

The researchers' paper titled “Practical Enclave Malware with Intel SGX” has now been published and it is certainly worth a read for those that want to learn more.

Via Ars Technica