By SecureWorld News Team
Wed | Feb 13, 2019 | 8:34 AM PST

The researchers are calling it super-malware, and they've documented what it can do on Intel's SGX.

Ars Technica has an excellent write-up on this:

"Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks."

Intel's response:

"Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel® SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us, and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure."

The rest of the Ars Technica story covers this discovery in much greater detail.

[Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some modern Intel central processing units.]