Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology.  The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to the chip was manipulated to undermine SGX enclave protections.  PlunderVolt was able to recover secret information like encryption keys from Intel’s hardened security SGX vault, but a patch has been released to close the risks.  However, VoltPillager bypasses that patch by directly manipulating voltage on the hardware itself.

The hardware to accomplish this feat is very inexpensive, coming in at around $36.  It does however require physical access to the motherboard to install the hardware hacking device. 

This is where the most disturbing aspect of this narrative emerges: pure denial by Intel.  Intel has apparently stated to news outlets and the vulnerability researchers that they don’t consider this a vulnerability because, according to Intel, they aren’t responsible for whatever happens if someone opens the case of a PC or server.  Therefore, it appears they have no intentions of fixing something they choose to not classify as a vulnerability.

How convenient!  Avoid dealing with the problem by saying it isn't a problem.

Once again it appears that Intel’s legal and marketing teams are in control of security policy.  This is a classic denial of responsibility. 

The simple fact is that SGX has one purpose: to be a secure vault embedded in Intel’s chips.  That vault has been cracked.  It does not matter how, it is Intel’s responsibility.

Dodging accountability speaks volumes to how any organization views, invests, and handles product security. 

Step up.  If your super-secret SGX vault is being cracked, then it does not matter how.  Own it and figure out mitigations. 

As a shareholder and cybersecurity expert, I am gravely disappointed!

This is security, not a marketing spin-control exercise or avoid-the-liability legal game.  It is time to replace the leadership that is allowing lawyers and marketeers to define your product security policy.  You are losing valuable trust with your customers and undermining the confidence in digital technology adoption.

Votes: 0
E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events