VoltPillager: the $30 next-generation of undervolting attacks against Intel SGX

Researchers at the University of Birmingham have managed to break SGX,  a set of security functions used by Intel processors,  by creating a $30 device to control CPU voltage.

The work follows a 2019 project, in which an international team of researchers, including from the University of Birmingham, demonstrated how to break Intel's security guarantees using software undervolting. This attack, called Plundervolt, used undervolting to induce faults and recover secrets from Intel's secure enclaves.

Intel fixed this vulnerability in late 2019 by removing the ability to undervolt from software with  microcode and BIOS updates.

But now, a team in the University's School of Computer Science has created a $30 device, called VoltPillager, to control the CPU's voltage  - thus side-stepping Intel's fix. The attack requires physical access to the computer hardware - which is a relevant threat for SGX enclaves that are often assumed to protect against a malicious cloud operator.

This research takes advantage of the fact that there is a separate voltage regulator chip to control the CPU voltage. VoltPillager connects to this unprotected interface and precisely controls the voltage.  University of Birmingham's research show that this hardware undervolting can achieve the same (and more) as Plundervolt. 

Zitai Chen, a PhD student in Computer Security at the University of Birmingham, says: “This weakness allows an attacker, if they have control of the hardware, to breach SGX security. Perhaps it might now be time to rethink the threat model of SGX. Can it really protect against malicious insiders or cloud providers?”

VoltPillager will be presented at the Usenix Security 2021 conference. More information can be found on the VoltPillager website.

This research was partially funded by the Engineering and Physical Sciences Research Council (EPSRC), by the European Union’s Horizon 2020 research and innovation programme and by the Paul and Yuanbi Ramsay Endowment Fund.

• For further information please contact Beck Lockwood, Press Office, University of Birmingham, tel +44 (0)121 414 2772.
• VoltPillager was discovered by the following researchers: Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald and Flavio D Garcia (The University of Birmingham).
• Chen et al. (2021). ‘VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface’ will be published at:   To appear at USENIX Security 21. A copy of the paper is available on request.
• The University of Birmingham is ranked amongst the world’s top 100 institutions. Its work brings people from across the world to Birmingham, including researchers, teachers and more than 6,500 international students from over 150 countries.