
Intel in Denial of the Latest SGX Secure Enclave Vulnerability

Matthew.Rosenquist
2 min read · Nov 19, 2020


Another vulnerability and exploit, named VoltPillager, has been published for Intel Corporation’s SGX security technology. The attack itself is essentially a hardware version of the previously discovered Plundervolt software vulnerability, in which the voltage supplied to the chip was manipulated to undermine SGX enclave protections. Plundervolt was able to recover secret information such as encryption keys from Intel’s hardened SGX enclave, but a patch has been released to close that risk. VoltPillager, however, bypasses that patch by manipulating the voltage directly on the hardware itself.

The hardware needed to accomplish this feat is very inexpensive, coming in at around $36. It does, however, require physical access to the motherboard to install the hardware hacking device.

This is where the most disturbing aspect of this narrative emerges: pure denial by Intel. Intel has apparently stated to news outlets and to the vulnerability researchers that it does not consider this a vulnerability because, according to Intel, it is not responsible for whatever happens once someone opens the case of a PC or server. Therefore, it appears Intel has no intention of fixing something it chooses not to classify as a vulnerability.


Written by Matthew.Rosenquist

CISO and cybersecurity Strategist specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security
