News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • New Plundervolt attack impacts Intel CPUs

    Posted on CADesertRat Comment on the AskWoody Lounge

    Home Forums Code Red – Security/Privacy advisories New Plundervolt attack impacts Intel CPUs

    Viewing 0 reply threads
    • Author
      • #2017557 Reply
        AskWoody Plus

        The Bad news is that Intel has another flaw in their chips, the good news is that it can’t be used remotely.


        Plundervolt can be used to induce bugs in the encryption algorithms/operations performed inside SGX, resulting in encrypted content that’s easy to crack once it leaves the SGX enclave, allowing attackers to recover the encryption key that was used to encrypt the data in the first place.
        But despite sounding like a really bad bug, Plundervolt is not as severe as it sounds. For starters, Oswald tells ZDNet that Plundervolt can’t be exploited remotely, such as luring a user to a website and executing the attack via JavaScript.

        Plundervolt needs to run from an app on an infected host with root or admin privileges. This is not an impossible attack scenario, but this will require some social engineering and additional exploits — if Plundervolt is to be used in the wild.

        Additionally, Plundervolt doesn’t work from within virtualized environments, such as virtual machines and cloud computing services, where the host OS usually restricts the guest OS from accessing the interface that manages the CPU’s voltage and frequency.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        1 user thanked author for this post.
    Viewing 0 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: New Plundervolt attack impacts Intel CPUs

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.