Freely subscribe to our NEWSLETTER

The work follows a 2019 project, in which an international team of researchers, including from the University of Birmingham, demonstrated how to break Intel's security guarantees using software undervolting. This attack, called Plundervolt, used undervolting to induce faults and recover secrets from Intel's secure enclaves.

Intel fixed this vulnerability in late 2019 by removing the ability to undervolt from software with microcode and BIOS updates.

But now, a team in the University's School of Computer Science has created a $30 device, called VoltPillager, to control the CPU's voltage - thus side-stepping Intel's fix. The attack requires physical access to the computer hardware - which is a relevant threat for SGX enclaves that are often assumed to protect against a malicious cloud operator.

This research takes advantage of the fact that there is a separate voltage regulator chip to control the CPU voltage. VoltPillager connects to this unprotected interface and precisely controls the voltage. University of Birmingham's research show that this hardware undervolting can achieve the same (and more) as Plundervolt.

Zitai Chen, a PhD student in Computer Security at the University of Birmingham, says: “This weakness allows an attacker, if they have control of the hardware, to breach SGX security. Perhaps it might now be time to rethink the threat model of SGX. Can it really protect against malicious insiders or cloud providers?”

VoltPillager will be presented at the Usenix Security 2021 conference. More information can be found on the dedicated website: hw.plundervolt.com

This research was partially funded by the Engineering and Physical Sciences Research Council (EPSRC), by the European Union’s Horizon 2020 research and innovation programme and by the Paul and Yuanbi Ramsay Endowment Fund.