Foreshadowing attacks: cybersecurity researchers save the day

By Chris Chelvan

15 August 2018

2 minute read

Researchers have discovered a new cyber vulnerability, Foreshadow.

The Meltdown and Spectre vulnerabilities uncovered in January 2018 affected nearly all high-end microprocessors produced in the last two decades. Everything from smartphones and PCs to cloud computing were left vulnerable to attack.

It was a wakeup call for the 21st century: cybersecurity affects everyone. And it’s not just viruses or trojans that pose a threat, but weaknesses in systems previously considered impenetrable.

The impact of Meltdown and Spectre is still being felt, and a new variant of Meltdown has just been discovered: Foreshadow.

Uncovered concurrently by two international teams of security researchers, Foreshadow is a hardware vulnerability that can be exploited to bypass Intel Processors’ secure enclaves to access its memory and data.

How does Foreshadow work?

Computers are built like skyscrapers, with each floor supported by the one beneath. Unfortunately it means attacks exploiting a flaw in a lower level can compromise the floors above, exposing a user’s data.

Intel’s Software Guard Extension (SGX) feature improves security by building a fortress around user’s data designed to protect against such collapses.

But Foreshadow is able to defeat this fortress by creating a shadow copy of the data it is protecting into a different unprotected area in order to read the SGX-protected data. Once a single SGX fortress is breached, the entire ecosystem collapses and user data is compromised.

What does it affect?

“SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication, or to prevent content being downloaded from video streaming services,” said Dr Yuval Yarom, from our Data61 and the University of Adelaide’s School of Computer Science, part of the team that discovered Foreshadow.

Intel will need to revoke the encryption keys used in millions of computers worldwide to mitigate the impact of Foreshadow.

A new class of computer security vulnerabilities

The researchers reported these findings to Intel earlier this year, and the company’s own analysis into the causes of the vulnerability led to the discovery of a new variant of Foreshadow, called Foreshadow-NG.

This particular variant is theoretically capable of bypassing the earlier fixes introduced to protect computers against Meltdown and Spectre — potentially re-exposing millions of computers globally to attacks.

Intel has since release patches and updates to mitigate all varients of Foreshadow. However, more research will need to be done to understand the full impact of the Foreshadow-NG variant.

Researchers like Dr Yarom and his team play an integral role in mitigating computer security threats. In fact, he was one of a team of researchers who first discovered and reported Meltdown and Spectre earlier this year.

By testing the boundaries of systems and identifying weaknesses or vulnerabilities, offensive cyber security specialists play an important role in plugging security gaps before they can be taken advantage of by malicious hackers.

The two teams that concurrently discovered Foreshadow include

With Data61 you're in cyber secure hands