Whenever a new tech software or hardware is released, even with the rigorous testing phases it goes through, new errors and bugs keep on emerging potentially threatening the security of the assets of individuals. Yesterday it was reported that a flaw was found in the chips generated by Intel. This flaw nicknamed as the Foreshadow vulnerability impacts all Intel Software Guard Extensions. The part of chip that is extra secure for storing sensitive data was deemed insecure due to the aforementioned liability. A group of researchers from KU Leuven University and University of Adelaide discovered the bug. Professor Thomas Wenisch from the University of Michigan explained,
What our attack does is it uses techniques that are very similar to the Meltdown attacks from six months ago, but we discovered we could specifically target a lock box within Intel’s processors. It would let you leak any data you want out of these secure enclaves.
The foreshadow only affected a selected number of hardware devices manufactured by the company, and to be able to access those secret enclaves, a lot effort had to be made. Therefore, there had been no reports of attacks on the individuals using these devices. Intel also provided a list of susceptible hard devices and also provided a video explaining the details about the foreshadow.
So the big question is that how does this effect the cryptocurrency projects?
MobileCoin, which is a new project, plans to deploy the hardware that houses chips susceptible to this threat. Now, the company will have to go through its product to verify if it is secure to release or not. Cornell University security researcher Phil Daian told,
The findings released today absolutely have a broad impact on cryptocurrency projects.
It is likely that, because many of these systems are slow to upgrade and because many of these fixes require either involved or hardware upgrades, infrastructure will remain vulnerable to this class of attack for a long time.
Further he told,
Projects planning to launch soon that rely on SGX should evaluate the vulnerabilities and any updates from Intel with caution for implications to the security of their systems, and should publish such investigations along with their code.
The L1 terminal fault, foreshadow was reported by the researchers to Intel, who released a patch to this problem and then notified the masses about the problem. They were bound to follow a protocol which allowed Intel to fix the problem and then let the users know, otherwise there could have been catastrophic ramifications. Valuable and secret data as well as money and valuable asset could have been compromised if the news reached the wrong ear. Daian also said,
It would be surprising if at some point this flavor of attack is not used to steal cryptocurrency.
Due to these errors, one thing has become abundantly clear. Even with all the security protocols embedded in the new technologies, there can be ways to threaten the integrity and security of the system. Users need to be careful with trusting their data to devices that may prove to be liable to such threats. Kings College London assistant professor Patrick McCorry told,
The SGX attack is devastating, it can potentially undermine the integrity – and privacy – for any application that is reliant upon trusted hardware. A lot of companies in the cryptocurrency space rely on SGX to support multi-party protocols, but this attack allows any participant to cheat.
As a solution to these problems, an extra layer of security should be added as a defense against all threats and intrusions. It is also mandatory that the software for your devices be regularly updated in case a vulnerability is detected and the company releases a patch to overcome that problem. Daian said,
In my opinion, good SGX research and systems should assume hardware can always be broken at some cost, and should, as always, design defensively and include layered security.
Daian lay emphasis on how important it was for the companies who are the providers of these chips to thoroughly test their hardware before they decide to release it to the public. He also mentioned that to get to that level of expertise, Intel and numerous other manufacturers have a long way to go.
SGX will need to be repeatedly tested and broken by adversarial researchers until it can claim a strong degree of security, which will take years. Daian
Overall, the speed, space and security of electronic chips is being improved with every passing day. Some of the new technologies like blockchain are still considered to be in their early stage of development. The optimization of such functionality could take years. Nevertheless, it holds a lot of potential. With every fault and error being discovered, we are inexorably getting closer to an incorruptible system and network.