Security researchers have found that Intel’s Software Guard Extensions (SGX) have not met their expectations. It has been said that they can be used to hide pieces of malware that masquerade as normal operations.
SGX is defined as a set of processor instructions and features for creating a secure enclave in which code can be executed without any interference from any other software. Its main goal is to process financial transactions, perform anti-piracy decryption of Hollywood movies and such similar cryptography in private away from prying eyes.
However boffins, those who helped explore the Spectre-Meltdown processor flaw last year think they have cracked some of the security defences by leveraging the age old Return-Oriented Programming (ROP) technique.
ROP mainly involves altering a threads stack such that the application does not work normally, instead malicious operations are being carried out. This is done with the help of memory resident instructions called gadgets which manipulate the operation of the software.
The return address is being altered such that the code jumps back to somewhere else rather than where it was supposed to get back after a routine. Thus a small section of other code , then another gets done which makes the program do something else which was not intended to be done like leak or change data.
The malware in the enclave is hidden from view from antivirus and other security packages, but it can do whatever it can to the environment around it when it is activated by its hijacked hosts. The enclave can thus keep its vulnerability a secret by encrypting it and it can be decrypted and executed to signal an attack.
