Major security flaws in widely used processors can now expose valuable data such as the private keys so now storing them on a computer, even offline, poses a threat as we are reading in today’s crypto news.
Just a year later from the Spectre and Meltdown revealed vulnerabilities, there is a new way to steal valuable information such as private keys that can grant access to crypto funds. New major security flaws were discovered and one is even capable of stealing information from the Software Guard Extensions SGX which can be used for storing private keys and other valuable information. The data can be accessed through a novel attack according to ArsTechnica. This means that the sensitive data can be accessed by injections that stem from the malicious code or app which can gain access to the information which is usually restricted from sharing exactly as the private keys are.
The vulnerabilities will help the apps that use SGX to create a new vault for encryption keys passwords and the digital rights management technology and other information. This new flaw is a cross-vulnerability with a previously known exploit known as the Meltdown. Intel has already released a list of processors affected by the latest flaw. Not like the previous Meltdown-type attacks, LVI cannot be mitigated transparently in the processors and demands for expensive software patches which usually slow down the SGX enclave computations 2 to 19 times. Intel made a statement about the mitigation:
‘’Researchers have identified a new mechanism referred to as Load Value Injection (LVI). Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe LVI is a practical method in real world environments where the OS and VMM are trusted. New mitigation guidance and tools for LVI are available now and work in conjunction with previously released mitigations to substantively reduce the overall attack surface.’’
The scope of the LV attack was presented in detail in 2019 and the researchers suggested that the attack is difficult to perform and will not be likely to attack the consumer electronics. So far, there is no known instances of the attack known so it is possible the LV attack could affect the cloud computing resources.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post