What is the Foreshadow Flaw?

Another security flaw has been discovered this week that could have repercussions for the cryptocurrency market.

Called the Foreshadow Flaw, it impacts on “all Intel’s Software Guard Extensions (SGX) enclaves, a special, supposedly extra-secure region of chip often used for storing sensitive data,” as reported by Coindesk.

The enclave is supposed to be ‘bullet proof’, but researchers have discovered how attackers could steal the information stored there. This is a problem for crypto projects trying to leverage the use of some hardware devices.

In the past, bugs called Meltdown and Spectre were problematic enough, and they impacted every single Intel chip, the hardware powering most of the world’s computers. However, since an attack was pretty difficult to execute, there weren’t many real-world attacks.

The SGX from Intel
Foreshadow affects a specific type of Intel chip; the SGX, and to some experts it appears not to be as dangerous as Meltdown and Spectre. However, if you’re planning a cryptocurrency project using SGX –and many do plan to – there is concern that where the danger will become apparent.

For example, Signal creator Moxie Marlinspike is in the process of advising a new, allegedly greener coin called MobileCoin that puts SGX at the centre of the platform. Now, in the light of what has been discovered about Foreshadow, they have to restructure before launching.

Cornell University security researcher Phil Daian told CoinDesk, “The findings released today absolutely have a broad impact on cryptocurrency projects.” Daian also added, “It is likely that, because many of these systems are slow to upgrade and because many of these fixes require either involved or hardware upgrades, infrastructure will remain vulnerable to this class of attack for a long time,” and said he’d be surprised if it wasn’t used to steal cryptocurrency at some point.

But, here’s the good news: none of the crypto projects planning to use SGX are launched yet and so don’t hold any money. However, there are a lot of crypto projects that want to use SGX and Daian gave them the following advice: “Projects planning to launch soon that rely on SGX should evaluate the vulnerabilities and any updates from Intel with caution for implications to the security of their systems, and should publish such investigations along with their code.”

For a Limited Period 

We're Giving Away
FREE Lendo Accounts

Have You Got Yours Yet?

Our Quick Application Takes Less Than 2 Minutes to Complete    
Register My Free Account Now
No Thanks! I Dont Like Free Stuff