Researchers from the University of Duisburg-Essen have developed a technique that for the first time allows
SGX is a popular technology used forprotection of confidential data. With it, developers can protect a specific area of memory from the rest of the computer. For example, in such a dedicated zone, it is safe to run a password manager even on an infected computer, the authors of the study explain.
Fuzzing testing uses input inlarge amount of data program to get an idea of the structure and quality of the code. This method allows for automated or semi-automated testing to quickly identify vulnerabilities. The complexity of this approach lies in the fact that fuzzing requires nested data structures that must be reconstructed from the protected area code.
Since enclaves are not designed for introspection, it is difficult to apply fuzzing to them.
Tobias Klouster, security expert at the University of Duisburg-Essen, co-author of the testing methodology
Researchers report that they have succeededanalyze shielded areas without access to source code and identify multiple vulnerabilities in security-critical software.
For example, all testedfingerprint drivers, as well as cryptocurrency wallets. Hackers can use these vulnerabilities to read biometric data or steal the entire balance of the stored cryptocurrency.
Security experts have already informed software companies about the vulnerabilities found.
Read more:
The James Webb telescope took the first picture of Jupiter: it shows 9 moving targets at once
Physicists have found a universal "clock" in space: they are more accurate than atomic
A huge comet flew past the Earth, but became larger and headed towards the Sun