Von links: Daniel Gruß, Michael Schwarz, Moritz Lipp (c) TU Graz
Author profile picture

An international research team has once again discovered a serious security vulnerability in computer processors: Load Value Injection. The vulnerability enables a new type of attack: Not only can sensitive data and keys be stolen, but also attacker data can be injected.

Load Value Injection follows on from a series of vulnerabilities that make the architecture of computer processors vulnerable to attack. The computer processors of the manufacturer Intel were particularly affected. The vulnerabilities were discovered by various international research teams who made them public under the names Spectre, Meltdown, Foreshadow, ZombieLoad and Plundervolt.

Security hole allows the injection of false data

Behind the discovery of the new Load Value Injection vulnerability is an international team, in which Daniel Gruss, Michael Schwarz and Moritz Lipp from the Institute for Applied Information Processing and Communication Technology at Graz University of Technology are central. This is relevant because the Graz researchers were already involved in the discovery of Meltdown, a vulnerability similar to Load Value Injection, in 2018.

Meltdown was a simple attack in which only four lines of computer code were enough to gain access.

Load Value Injection reverses this method: The attacked computer processor continues to operate with false data injected into the computer by attackers.

A video about Load Value Injection can be found here.

Sensitive area in the computer processor affected

The vulnerability is a hardware virus that can be exploited at the software level. The hardware extension Software Guard Extensions (SGX) Enclaves developed by Intel is affected. This extension was designed to protect the area of the computer processor where sensitive data is processed. This means that it should not be possible to execute code in this area.

In fact, for an attack, one would only have to write software that uses SGX enclaves, explains Daniel Gruss from the Graz research team. For example, a video streaming service could use the vulnerability to protect its own videos – even though they are played on a foreign laptop, the researcher says.

Closing the security gap

Intel, the manufacturer of SGX Enclaves software, was already informed of the vulnerability in April 2019. A long period of secrecy was agreed upon. This allowed Intel to make the necessary fixes and prevent computer users from being exposed to unnecessary risk. Closing the gap requires either massive intervention in the software or a completely new processor. The researchers have developed a software solution in parallel with Intel, but this will result in massive performance losses.

The research team recommends installing all security updates from the manufacturers and securing your own computer system. The first public information has already been published on the website lvi attack.eu. The scientific paper will be presented at the IEEE Security and Privacy Symposium in San Francisco in May.

The team:
KU Leuven: Jo Van Bulck and Frank Piessens
Worcester Polytechnic Institute: Daniel Moghimi and Berk Sunar
Graz University of Technology: Michael Schwarz, Moritz Lipp and Daniel Gruss
University of Michigan: Marina Minkin and Daniel Genkin
University of Adelaide and Data61: Yuval Yarom.

The discovery of computer hardware viruses

Michael Schwarz, Moritz Lipp and Daniel Gruss from the Institute for Applied Information Processing and Communication Technology at Graz University of Technology have acquired expertise in the detection of security vulnerabilities in computer processors – those that affect hardware. The discovery of computer hardware viruses is still new. Until 2018 it was assumed that only software viruses existed. Meltdown and Spectre, the first hardware viruses, were discovered simultaneously by several research teams. The three Graz researchers were there, together with Professor Stefan Mangard. Since then, the team has repeatedly published new security vulnerabilities in international collaboration.

Also interesting:
ZombieLoad 2.0 – Security hole despite update