New Security Flaw in Intel Processors Could Allow Hackers to Steal Data

Like the previous attacks, the new technique - dubbed Load Value Injection - targets the 'vault' of computer systems with Intel processors: SGX enclaves.

Advertisement
By Indo-Asian News Service | Updated: 11 March 2020 14:48 IST
Highlights
  • Computer scientists have exposed a security flaw in Intel processors
  • It could allow an attacker to acquire sensitive information
  • The vulnerability was already discovered on April 4, 2019

In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities

Computer scientists at Belgium's leading higher education and research university KU Leuven have once again exposed a security flaw in Intel processors that could allow an attacker to acquire sensitive information, such as the victim's fingerprints or passwords. In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities that computer scientists at KU Leuven have helped expose.

"All measures that Intel has taken so far to boost the security of its processors have been necessary, but they were not enough to ward off our new attack," said Jo Van Bulck from the Department of Computer Science at KU Leuven.

Advertisement

Like the previous attacks, the new technique - dubbed Load Value Injection - targets the 'vault' of computer systems with Intel processors: SGX enclaves.

"To a certain extent, this attack picks up where our Foreshadow attack of 2018 left off. A particularly dangerous version of this attack exploited the vulnerability of SGX enclaves, so that the victim's passwords, medical information, or other sensitive information was leaked to the attacker," Jo Van Bulck said in a statement released by KU Leuven on Tuesday.

Advertisement

"Load Value Injection uses that same vulnerability, but in the opposite direction: The attacker's data are smuggled - 'injected' - into a software programme that the victim is running on their computer. Once that is done, the attacker can take over the entire programme and acquire sensitive information, such as the victim's fingerprints or passwords."

The vulnerability was already discovered on April 4, 2019. Nevertheless, the researchers and Intel agreed to keep it a secret for almost a year. Responsible disclosure embargoes are not unusual when it comes to cyber-security, although they usually lift after a shorter period of time.

Advertisement

"We wanted to give Intel enough time to fix the problem. In certain scenarios, the vulnerability we exposed is very dangerous and extremely difficult to deal with because, this time, the problem did not just pertain to the hardware: The solution also had to take software into account," Van Bulck said.

"Therefore, hardware updates like the ones issued to resolve the previous flaws were no longer enough. This is why we agreed upon an exceptionally long embargo period with the manufacturer," Van Bulck added.

Advertisement

The researcher said that Intel ended up taking extensive measures that force the developers of SGX enclave software to update their applications.

"However, Intel has notified them in time. End-users of the software have nothing to worry about: They only need to install the recommended updates," Van Bulck said.

"Our findings show, however, that the measures taken by Intel make SGX enclave software up to 2 to even 19 times slower," he added.

In 2018, when researchers at KU Leuven discovered a vulnerabiliy, their attack was dubbed Foreshadow.

In 2019, an attack, dubbed "Plundervolt", revealed another vulnerability. Intel has released updates to resolves both flaws.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Intel, KU Leuven
Advertisement

Related Stories

Popular Mobile Brands
  1. iQOO 16 Series May Launch Without an Ultra Model Due to This Reason
  2. Here's How Much the Samsung Galaxy A27 5G Costs in India
  3. Google Is Now Testing These Conversational Voice Features on Keep and Gmail
  4. iQOO Pad 5c With a 10,000mAh Battery Debuts at This Price
  5. OnePlus N6 Review
  6. Oppo Reno 16 to Launch With This Snapdragon Chipset in India
  1. Samsung Begins Teasing Wider Foldable Ahead of Anticipated Galaxy Unpacked Launch Event
  2. Google Begins Testing New Conversational Voice Features for Gmail and Google Keep
  3. iQOO Pad 5c Launched With 10,000mAh Battery, 12.1-Inch 2.8K Display: Price, Specifications
  4. Nothing Ear 3a Launch Date Announced; New Teaser Reveals Four Colourways
  5. Samsung Galaxy Z Fold 8 Full Specifications Tipped; May Get 50-Megapixel Cameras, 7.6-inch Display
  6. Uber Announces Record My Ride, Ambulance Assistance in India Along With New Safety Features
  7. Google Announces Nano Banana 2 Lite-Powered Short Video Overviews for NotebookLM
  8. Assassin's Creed Black Flag Resynced Console Specs, PS5 Pro Enhancements Confirmed
  9. Redmi K90 Ultra Launched With Snapdragon 8 Elite Chipset, Cooling Fan and 8,550mAh Battery: Price, Specifications
  10. Apple May Be Required to Allow External App Payments, Third-Party NFC Access in UK: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.