720-891-1663
Researchers have really been beating up Intel this past year. When it wasn’t the Spectre class of attacks, it was the Meltdown class of attacks, both of which required microcode or firmware changes to Intel chips and even then, were not fully effective. And there have been other secure enclave attacks.
The newest Intel attack is called Plundervolt and it attacks Intel’s so-called secure enclave, where developers are supposed to store secrets safely. The problem is that secure is a relative term and now, it appears, that it is not so secure.
Plundervolt works by changing the voltage going to the CPU chip and since these days, everything is done in software, a hacker, if they can get some malware onto the computer, can change the voltage. Lowering the voltage, done right, can compromise the integrity of the secure enclave and allow hackers to change encryption keys to something easy to hack or even recover encryption keys stored in the enclave.
This is not a simple attack, so, at least FOR RIGHT NOW, its usage is likely to be limited to high value targets, but attacks often get easier over time, so don’t assume you are safe.
Intel has released patches which lock down the voltage (and fix other bugs), but you have to get them deployed and that is far more difficult than getting a Windows patch out.
Source: Wired and Bleeping Computer