TU Graz/ TU Graz/ Services/ News+Stories/

New security vulnerability in Intel processors: Load Value Injection

03/10/2020 |

By Birgit Baustädter

Security researchers at Graz University of Technology together with an international team have once again uncovered a serious security hole in computer processors. With the new security hole published under the name "Load Value Injection", there is another method to read out sensitive data.

Moritz Lipp, Daniel Gruss and Michael Schwarz (from left to right) have now discovered the Load Value Injection vulnerability together with international colleagues. © Lunghammer – TU Graz

Spectre, Meltdown, Foreshadow, ZombieLoad und Plundervolt. In recent years, security researchers worldwide have identified serious security holes in the architecture of computer processors – especially in processors from Intel.
An international research team with central participation of TU Graz has now presented a new attack under the name of Load Value Injection. The vulnerability is similar to the already known Meltdown attack, but reverses this method. This time, the attacked computer does not reveal any secret data such as passwords or other sensitive content, but continues to work with false data that has been "injected" into the computer by attackers. Again, gaps in the SGX encoders developed by Intel are exploited. These are specially protected areas in a processor that are sealed off from the rest of the system, where particularly sensitive data is to be processed securely.

The researchers made their discovery public on the Load Value Injection website and will present the scientific paper at the IEEE Security and Privacy Symposium in San Francisco in may.

This video is hosted by Youtube, clicking on it will send data to Youtube. The privacy policy of Youtube applies.
Play video
 

"This loophole is very difficult to close," explains TU Graz researcher Daniel Gruss, who is once again at the centre of the discovery together with his colleagues Michael Schwarz and Moritz Lipp. “It requires either a new processor or a severe intervention in the software. The software solution developed by Intel and us in parallel will bring massive performance losses." The team informed Intel of the discovery as early as April 2019. "We agreed to this long period of secrecy to give Intel enough time to develop the necessary fixes and not to put computer users at risk."
Once again, the participating researchers recommend installing all security updates from the manufacturers and securing the computer system.

This research is anchored in the „Field of Expertise“ Information, Communication & Computing, one of the five fields of strength of TU Graz.

Information

The international team consisted of Jo Van Bulck and Frank Piessens from KU Leuven, Daniel Moghimi and Berk Sunar from Worcester Polytechnic Institute, Michael Schwarz, Moritz Lipp and Daniel Gruss from Graz University of Technology, Marina Minkin and Daniel Genkin from the University of Michigan and Yuval Yarom from the University of Adelaide and Data61.

Contact

Daniel GRUSS
Tel.: +43 316 873 5544
daniel.grussnoSpam@iaik.tugraz.at

Michael SCHWARZ
Tel.: +43 316 873 5537
michael.schwarznoSpam@tugraz.at

Moritz LIPP
Tel.: +43 316 873 5563
moritz.lippnoSpam@iaik.tugraz.at
TU Graz | Institute of Applied Information Processing and Communications