Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

Discovery Casts Dark Shadow on Computer Security

By University of Adelaide | August 20, 2018

Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors’ secure regions to access memory and data.

The vulnerability affects Intel’s Software Guard Extension (SGX) technology, a new feature in modern Intel CPUs which allows computers to protect users’ data in a secure ‘fortress’ even if the entire system falls under an attacker’s control.

The two teams that independently and concurrently discovered Foreshadow have published a report on the vulnerability, which causes the complete collapse of the SGX ecosystem and compromises users’ data.

“SGX can be used by developers to enable secure browsing to protect fingerprints used in biometric authentication, or to prevent content being downloaded from video streaming services,” Dr Yuval Yarom from CSIRO’s Data61 and the University of Adelaide’s School of Computer Science said.

“Foreshadow compromises the confidentiality of the ‘fortresses’, where this sensitive information is stored and once a single fortress is breached, the whole system becomes vulnerable.”

The researchers reported these findings to Intel earlier this year, and the company’s own analysis into the causes of the vulnerability led to the discovery of a new variant of Foreshadow, called Foreshadow-NG which affects nearly all Intel servers used in cloud computing.

Foreshadow-NG is theoretically capable of bypassing the earlier fixes introduced to mitigate against Meltdown and Spectre, potentially re-exposing millions of computers globally to attacks.

“The SGX feature is widely used by developers and businesses globally, and this opens them up to a data breach that can potentially affect their customers as well,” Dr Yarom said.

“Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow.

“Intel’s discovery of the Foreshadow-NG variant is even more severe but will require further research to gauge the full impact of the vulnerability.”

Intel has since released patches, updates and guidelines to resolve both Foreshadow and Foreshadow-NG.

Researchers have not yet tested if similar flaws exist in processors of other manufacturers.

Adrian Turner, CEO of CSIRO’s Data61 said this is a significant discovery that shows the far-reaching impact of Meltdown and Spectre and reinforces the role of research for discovering and preventing flaws.

“Experts like Dr Yarom play a vital role in finding vulnerabilities, responsibly disclosing them and developing trustworthy systems to keep critical infrastructure secure,” Mr Turner said.

“Data61 has also joined the RISC-V Foundation’s security task group which aims to prevent the likes of Meltdown and Spectre from occurring again.”

Related Articles Read More >

R&D 100 winner of the day: Electromagnetic spectrum management system (ESMS)
Claude computer use
AI agents could begin transforming how we work in 2025
refinery
AI takes center stage in Honeywell-Chevron collaboration
Firefly blurred lines between a human and machine researcher 72875
Copyleaks CEO: OpenAI’s o1 emergence could blur the lines between human researcher and AI assistant
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE