2 min

According to academic researchers the exploits of Intel CPU’s can leak encryption keys and other vital information.

This week The Register reported that post-graduate researchers in the USA have found a new way for malefactors to exploit Intel CPUs.

Doctoral student Riccardo Paccagnella, master’s student Licheng Luo, and assistant professor Christopher Fletcher found the weaknesses. The researchers, all of whom are at the University of Illinois at Urbana-Champaign, examined the way CPU ring interconnects work . They found tthat hackers can abuse the rings for side-channel attacks.

The main take-away from their research is that one application can infer another application’s private memory and spy on a user’s keyboard inputs.

Side channel attacks are a known threat since 2018

“It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs”, Paccagnella told The Register. “The attack does not rely on sharing memory, cache sets, core-private resources or any specific uncore structures. As a consequence, it is hard to mitigate with existing side channel defenses.”

It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs

Side-channel attacks are much like the Spectre and Meltdown vulnerabilities from 2018. They also exploit the characteristics of modern chip microarchitecture. Attackers use these exploits to discover secret information through interaction with shared system resources.

Paccagnella, Luo, and Fletcher have detailed their findings in a paper they intend to present at are planning to present at USENIX Security 2021 in August. The paper is titled “Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical”.

How they did it

In the paper, the intrepid trio explain how they were able to figure out the workings of Intel’s ring interconnect. This interconnect is a type of bus that passes information between Intel CPU cores.

First, they had figured out how the ring interconnects functioned. Then they discovered that they could leak cryptographic key bits from RSA and EdDSA implementations. These implementations are vulnerable to side-channel attacks, according to previous studies.

The researchers then demonstrated how they could monitor keystroke timing. This type of monitoring can be used to reconstruct typed passwords, according to earlier research.

“With knowledge from the reverse engineering, the attacker/receiver can set itself up such that its loads are guaranteed to be delayed by the victim/sender memory accesses, and use these delays as a side channel,” Paccagnella said.