A multinational team of security researchers have identified a new threat to machines using Intel CPUs.
An international team of security researchers from TU Graz, CISPA and the University of Birmingham are presenting new side-channel attacks. These are attacks which use fluctuations in software power consumption to access sensitive data on Intel CPUs.
Together with international colleagues, CISPA researcher Michael Schwarz and the TU Graz computer scientists Daniel Gruss and Moritz Lipp have presented a research paper. The paper details a method that allows power side-channel attacks even without physical access.
They have presented PLATYPUS, a method that allows power side-channel attacks even without physical access. Affected devices include desktop PCs, laptops and cloud computing servers from Intel and AMD.
Platypus is an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets.”
Why this attack is so dangerous
Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys. Such attacks used to require physical access to the target device and special measurement tools such as an oscilloscope. This is because power measurements with a malware were previously too inaccurate,
Now, according to the research team, malefactors can execute such attacks without having physical access to the hardware.
RAPL interface and SGX enclaves are key to the attack
The researchers used a combination of two techniques in their methods of attack. First, they made the processor execute certain instructions tens of thousands of times within an SGX enclave. To do this they used a compromised operating system targeting Intel SGX.
The power consumption of each of these commands was measured via the RAPL interface. The fluctuations in the measured values then allowed the attacker to reconstruct data and cryptographic keys.
Linux is most vulnerable
According to the Graz team, PLATYPUS attacks are most effective on Linux systems. This is because the Linux kernel has what is called a powercap framework. This is a universal driver that interacts with RAPL interfaces and other power capping APIs. This in turn provides for easy reads of power consumption values.
Attacks on Windows and macOS are also possible. But to execute a PLATYPUS attack on these devices, the Intel Power Gadget app must be installed on the targeted devices. This app allows the attackers to access the RAPL interface.