Researchers developed a proof of concept attack which allows them to hide malware in Intel’s Software Guard eXtensions (SGX).

Intel SGX is a feature found on all modern Intel CPUs that allows developers to isolate applications in secure “enclaves” and the attack allows researchers to hide undetectable malicious code from their security software  within these enclaves, according to the proof of concept.

Previously, the only known vulnerabilities affecting SGX enclaves were side channel attacks that leaked data being processed into the enclave but now the most recent researcher demonstrates how the enclaves can be used to conceal malware.

Executing an attack depends on the attacker’s ability to install or trick a user into installing an app that sets up a malicious enclave and the researchers have found at least four methods an attacker could use to obtain a signature key and sign a malicious enclave.

The malware impersonates its host application and uses the new TSX-based techniques including a memory-disclosure primitive and a write-anything-anywhere primitive.

Researchers also published a proof-of-concept code for enclave malware on GitHub.

This particular vulnerability is a great example of why a security strategy that relies heavily on endpoint agents for the detection of malware is flawed,”Bob Noel, VP of Strategic Relationships for Plixer told SC Media.

“Monitoring end devices can be an important part of a security stack, but it should only be part of the overall ecosystem. A critically important technology is network traffic analysis. Any compromised device will exhibit new network traffic patterns.”

Noel said for a compromised device to deliver value to a cybercriminal, the miscreant must communicate it with it in some manner, whether that is to steal data, exchange information with a command and control server, move laterally throughout the environment to find critical assets, or simply cause disruption to the business.

The researchers said their results laid the foundation for future research into more realistic trust relationships between enclave and non-enclave software, as well as the mitigation of enclave malware.

Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX,” and Intel spokesperson told SC Media. “The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research.”