The attack can take one of three different shapes (so far), and ultimately allows a hacker to access sensitive data stored in the computer’s memory or on third-party cloud-based storage services. This sensitive data includes passwords, pictures, other sorts of data files, and encryption keys.
The three variants of the attack have been grouped into two distinct categories, known as Foreshadow and Foreshadow-NG (Next Generation).
The standard Foreshadow variant (reference CVE-2018-3615) targets Intel’s Software Guard Extensions (SGX), a new technology designed by Intel to help keep user data from falling into the wrong hands, even if the whole system comes under attack.
As the researchers who discovered it describe it:
“Foreshadow enables an attacker to extract SGX sealing keys, previously sealed data can be modified and re-sealed. With the extracted sealing key, an attacker can trivially calculate a valid Message Authentication Code (MAC), thus depriving the data owner from the ability to detect the modification.”
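Why a leaked key removes tamper detection can be shown with a small model. This is an added example, not code from the researchers or from Intel; it uses HMAC-SHA256 over a constructed payload as a stand-in for a MAC-protected sealed blob and does not reproduce the real SGX sealing format.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def seal(key: bytes, data: bytes) -> bytes:
    """Return tag || data, where tag = HMAC-SHA256(key, data)."""
    return hmac.new(key, data, hashlib.sha256).digest() + data


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time; return the data or raise ValueError."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short")
    tag, data = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return data


def accepted(key: bytes, blob: bytes) -> bool:
    """True if the verifier would accept this blob as authentic."""
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False


def demo() -> dict:
    key = os.urandom(32)  # constructed; stands in for the sealing key
    original = seal(key, b"balance=100")  # constructed sample payload
    # Data changed by someone without the key: the old tag no longer matches.
    tampered = original[:TAG_LEN] + b"balance=999"
    # Data changed and re-sealed by someone holding the same key.
    resealed = seal(key, b"balance=999")
    return {
        "original": accepted(key, original),
        "tampered_without_key": accepted(key, tampered),
        "resealed_with_key": accepted(key, resealed),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The verifier rejects the blob changed without the key but accepts the re-sealed one, because a MAC only proves that whoever produced the tag held the key.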
The Foreshadow: Next Generation attack (reference CVE-2018-3620 and CVE-2018-3646) targets virtualization environments such as those used by large cloud-based service providers like Microsoft and Amazon.
From the researchers again:
“Using Foreshadow-NG, a malicious program running on the computer might be able to read some parts of the kernel’s data. As the kernel has access to data stored by other programs, a malicious program might be able to exploit Foreshadow-NG to access data belonging to other programs.
Foreshadow is different from Meltdown as it targets virtual machines and SGX, in addition to data stored in the operating system’s kernel (which was targeted by Meltdown).”
According to Intel, none of these attacks have been seen in the wild, but of course, that’s just a matter of time now. No word from Intel yet on a timeframe to address these issues, but stay tuned.