IT-Security

LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection

chaosstudio-hamburg
Load Value Injection (LVI) is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data.
Since 2018, we have seen an alarming wave of Meltdown-type attacks: from the original Meltdown, breaking kernel isolation, over Foreshadow, breaking virtual machine and SGX enclave isolation, to most recently ZombieLoad, breaking essentially all of these. All of these attacks exploit CPU vulnerabilities to leak data, breaking basically all confidentiality guarantees of CPUs. Luckily, there are already widely deployed countermeasures -- either in hardware or software -- preventing exploitation of these attacks.
In this talk, we show that despite all countermeasures, the Meltdown effect can be turned around to inject attacker-controlled data into the microarchitectural state of any application. This technique, called Load Value Injection (LVI), smuggles the attacker's data through hidden processor buffers into a victim program and allows hijacking both the transient control flow and the data flow. By forcing a (microarchitectural) fault in the victim, the attacker makes the victim transiently compute on maliciously injected data. Especially in the case of trusted execution environments, such as Intel SGX, where an attacker has full control of the operating system, adversaries can easily trigger a fault in the victim and leak arbitrary enclave secrets. We show that this can be exploited on all CPUs that were affected by some variant of Meltdown. As a result, we can bypass existing Meltdown countermeasures, arbitrarily change control flow, and let the application work on attacker-controlled data.
We outline the drastic consequences for affected CPUs. After nearly 1 year of embargo, fully mitigating our attacks requires serializing the processor pipeline with memory fence instructions after possibly every memory load. Additionally and even worse, due to implicit loads on some architectures, specific instructions have to be blacklisted, including the ubiquitous x86 ret instruction. Intel's compiler mitigations lead to performance impacts of a factor of 2 to 19.
In a demo, we show how LVI can be used to leak a cryptographic key. For more information about our work, including demo videos and a trailer, see: A technical paper about this work appeared at IEEE S&P 2020 and is available here:

Additional information

Type Talk
Language English

More sessions

12/27/20
IT-Security
Max Aliapoulios
rC2
Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a cryptocurrency such as Bitcoin. In this talk, we present a measurement framework that we used to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims and operators.
12/27/20
IT-Security
Thomas Roth
rC2
On November 13, Nintendo launched its newest retro console, the Nintendo Game and Watch - but by then it was already hacked! In contrast to the other Nintendo classic consoles (NES & SNES), Nintendo upped their game this time: A locked processor, AES-CTR encrypted flash & co. made it significantly harder to hack it, but in the end it was still hacked - one day before release. This talk walks through the whole process of opening it up, exploiting the firmware up to bringing homebrew to a new ...
12/27/20
IT-Security
Florian Schweitzer
chaosstudio-hamburg
A single click on an "Unsubscribe" link in a newsletter is often enough for an attacker to set up call forwarding on a target's phone line. This can be used, for example, to reset the passwords of Google or Microsoft accounts linked to the phone number.
12/27/20
IT-Security
rC1
After the first unsuccessful deployment of voting machines in Germany about ten years ago, elements of electronic voting have reached elections again. Although there is now still a paper-trail, more and more essential steps, such as counting the votes, are moved into electronic systems. This change in the ballot-counting procedure took place mostly unnoticed by the public. We are two very concerned election workers who present our first-hand experience in this talk. We show that the current ...
12/28/20
IT-Security
jiska
rC2
How secure is the interface between baseband chips and iOS? While this interface should protect against escalations from the baseband into operating system components, its implementation is full of bugs. Fuzzing this interface is not only relevant to security, but also results in various funny effects, since the iPhone loses information about its identity and location, and eventually ends up in a state with a few thousand unread SMS that can no longer be deleted.
12/28/20
IT-Security
Alisa Esage
rC2
State-of-the-art report on Qualcomm DIAG diagnostic protocol research, its modern implementation as it appears in Hexagon basebands, advanced harnessing and reverse-engineering on modern off-the-shelf smartphones.
12/28/20
IT-Security
Ross Anderson
rC1
The EU has been pushing for apps that support end-to-end encrypted messaging to contain an upload filter, which will scrutinise material for prohibited content before it's encrypted. This is the latest in a long line of attempts to maintain government access to data despite cryptography. In this talk, I will try to put them in context of the last two crypto wars and assess the costs their efforts have imposed on our economies. I'll finally ask what strategic direction democratic governments ...