New flaw in Intel chips lets attackers slip their own data into secure enclave

A new flaw in Intel chips threatens to allow attackers to not just view privileged information passing through the system but potentially also insert new data. The flaw isn’t something the average user has to worry about, but it is a sign of the times as far as the shape of threats to our information’s security.

You may be familiar with Meltdown, Spectre and Heartbleed — this one has a decidedly less catchy name: Load Value Injection, or LVI. It was discovered independently by BitDefender and by a multi-university group led by Jo Van Bulck.

The exact technical details (as documented here) of the flaw aren’t anything the average user would understand or be able to fix themselves. But here’s what you should know: LVI is part of a general category of flaws that have to do with a technique used by most modern computing architectures called “speculative execution.”

Speculative execution is a bit like, if someone started writing a math problem on a chalkboard rather slowly, you decided to preemptively solve the problem in each of the 10 ways it could possibly be solved. That way, when the teacher finishes writing the problem, you have the answer ready, and simply discard the others. Processors do this too, in a much more complex and regimented way, of course, using spare cycles to speculatively execute various lines of computation.

Recently this process has been shown to be less than secure in that by carefully poking and prodding at the chip’s deepest levels of code, you can get it to cough up data that would normally be highly protected and encrypted. But while Meltdown and Spectre were about forcing that leakage and collecting the data, LVI takes it a step further, letting the attacker place new values into the process so they can interfere with or even control the outcome. What’s more, this takes place inside the “SGX Enclave,” intended to be an impregnable sub-system that can be trusted to be secure. (To be clear, this is nowhere near arbitrary code execution but rather a new, effective method to manipulate this ostensibly secure channel. This paragraph has been slightly updated to make that clearer.)

These processes are so deep within the computer’s many layers of code and execution that it’s impossible to say what they can and can’t be used for. It’s safest to assume that, with an issue this fundamental — letting an attacker substitute certain secure values with their own — that the entire thing is compromised.

The name isn’t so catchy, but it does have a cool logo

There are mitigations, of course, but they can severely affect the performance of the chip. Nevertheless, they must be put in place on any exposed chip with this flaw — and that’s pretty much any modern Intel chip that came out before last year.

Intel itself is very much aware of the issue and in fact published a 30-page technical summary of LVI and the various specific attacks it enables. It is careful to note at the outset, however, that this is not the sort of thing that gets deployed at large:

“Due to the numerous, complex requirements that must be satisfied to implement the LVI method successfully, LVI is not a practical exploit in real-world environments,” the paper reads.

And that’s why you don’t need to worry about it. The simple truth is you’re probably not an ideal target for this attack. It’s not easy to pull off, and as an individual your data is better got at either via traditional means (phishing and the like) or by collecting it in bulk at the data center level. So what’s important is not you updating your PC as soon as possible, but the companies that own and run millions of servers doing so.

Even then, however, it may be that systems with no public exposure are more or less incapable of being accessed by attackers, and even if they were, they might not handle any data that’s worth getting hold of. So ultimately it’s up to these companies to decide their priorities, and after that it’s up to chipmakers like Intel to design future chips and architectures without flaws like LVI and the others built in. Of course, that’s rather hard to do given the complexity of those systems, but there it is.

You can learn more about LVI at the site set up to document it. Or you can just watch the ridiculous “teaser” put together by the research team that identified the flaw: