Wed, 15. Jul. 2020 Rodler, Michael
Danger to Sensitive Data
In the course of our research on Trusted Execution Environments we discovered multiple vulnerabilities in security-critical software running in protected memory areas of modern Intel processors. In the worst-case scenario, harmful actions could be infiltrated into sensitive programs, e.g. into the software of fingerprint scanners. With the help of our team the affected vendors already patched their software.
In Intel’s latest processors, application developers can create specially protected memory areas, so-called enclaves by using the “Intel Software Guard Extensions (Intel SGX)”. SGX provides hardware-based encryption to shield selected memory contents from the rest of the system. Even if espionage software were to infect a system, an attacker would in principle not be able to access the data or code in the enclave. SGX technology is therefore very well suited for creating a trustworthy execution environment in a cloud or, for example, to process biometric data on a computer. However, SGX must be used properly.
In almost all publicly available enclaves, our team was able to discover vulnerabilities and construct proof-of-concept exploits. We identified errors in sample codes from Intel and Baidu/Apache, which should actually help in programming secure enclaves. Security gaps were also uncovered in two SGX-protected fingerprint drivers from Synaptics (CVE-2019-18619) and Goodix (CVE-2020-11667). This is particularly security-critical as they are used on new notebooks from Lenovo and Dell to process biometric data securely. The enclave of the messenger service Signal, however, was immune to our attacks.
The results were communicated to the affected vendors in November last year. By now, they have fixed the errors in the enclave code and closed the gaps in the fingerprint scanners with the latest Windows updates. The technical details of the proof-of-concept exploits will be presented on August 12, 2020 at the security conference USENIX Security 2020.
How did the scientists discover the vulnerabilities?
In the course of our research we have developed a tool called TeeRex, which provides a framework to analyze SGX enclaves for identifying security vulnerabilities and constructing proof-of-concept exploits. This framework automatically analyzes the binary code of SGX enclaves at the interface between the enclave and the rest of the system by means of symbolic execution. The analyses with TeeRex have shown that many enclaves have runtime errors that allow an attacker to corrupt function pointers or perform arbitrary memory operations. An attacker could thus gain complete control of the enclaves.
The paper will be published at the 29th USENIX Security Symposium (until 12th of August only abstract):
More information on the research (Pre-Print, PoC Exploits):