Foreshadow
The Foreshadow Attack is an exploit discovered in 2018 that affects devices manufactured by Intel. The Foreshadow Attack takes advantage of a vulnerability in SGX enclaves which are used by Intel chips to process data quickly, encrypting sensitive data in real time. The Foreshadow Attack uses an exploit to extract data from the SGX memory by taking advantage of a flaw in how a technique known as 'speculative execution' works. This is a technique that can be used to improve hardware performance by enabling a CPU to predict code instructions used frequently, as well as data that is accessed frequently. However, it also allows an attacker to extract some data from the device.
Identifiers of the Foreshadow Attack and Affected Devices
The following are the labels given to vulnerabilities exploited by the Foreshadow Attack:
CVE-2018-3615 - L1 Terminal Fault: SGX
CVE-2018-3646 - L1 Terminal Fault: VMM
A large number of processors manufactured by Intel were affected by the vulnerabilities exploited in the Foreshadow Attack. The following are the devices that were vulnerable to the Foreshadow Attack when it was first detected:
Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors **
7th generation Intel® Core™ processors **
8th generation Intel® Core™ processors **
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family **
Intel® Xeon® Processor E3 v6 Family **
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor D (1500, 2100)
** indicates Intel microprocessors affected by CVE-2018-3615 - L1 Terminal Fault: SGX
While some of these devices may have received firmware patches, it is possible that the Foreshadow Attack may affect all of them (this list is updated regularly by Intel).
How the Foreshadow Attack Works
The Foreshadow Attack reads data that is usually meant to be protected. This is data that is not available even to computer users with administrative privileges on the affected computer and functions on a hardware level. This means that the Foreshadow Attack exploits vulnerabilities in the hardware directly and can affect computers no matter the operating system being used on the targeted device. The Foreshadow Attack is extremely complex and cannot be carried out by just anyone. It also requires physical access to a device and significant knowledge. This is why the Foreshadow Attack does not pose a threat to the average computer user. However, it does seem that since the Foreshadow Attack was first observed, Intel has released software patches that can help those worried about mitigating the Foreshadow Attack. There also are lists of best practices that can help minimize the risk and exposure to the Foreshadow Attack and similar hardware vulnerabilities that may be present on a device manufactured by Intel (the Foreshadow Attack is not the only attack of its type that has been uncovered in recent years).
