PLATYPUS - CPU side-channel attack (CVE-2020-8694 / CVE-2020-8695)
Time to update.
With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs. We exploit the unprivileged access to the Intel RAPL interface exposing the processor's power consumption to infer data and extract cryptographic keys.
[...]
On Linux, the powercap framework provides unprivileged access to the Intel RAPL counters. With a recent security update, this access is revoked, and an unprivileged attacker can not retrieve power measurements anymore.
However, this update does not protect against a privileged attacker, e.g., a compromised operating system targeting Intel SGX. To mitigate attacks in this scenario, Intel released microcode updates to affected processors. These updates ensure that the reported energy consumption hinders the ability to distinguish the same instructions with different data or operands if Intel SGX is enabled on the system.
Please make sure to get the latest updates for your operating system and BIOS.
List of Intel CPUs affected: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
AMD and ARM processors may also be affected, though untested.
Source: https://platypusattack.com/
Comments
@chocolateshirt - your avatar has gone rogue!