A group of researchers from the Graz University of Technology (Austria), formerly known for developing attack methods to MDS, NetSpectre, Throwhammer and ZombieLoad, they made known recently the news that they have been developing a new side channel attack method, codenamed "PLATYPUS".
El ataque allows reconstruction of calculated data based on the information received by a non-privileged user through the RAPL power monitoring interface provided on modern Intel (CVE-2020-8694, CVE-2020-8695) and AMD (CVE-2020-12912) processors.
About PLATYPUS
Los investigadores were able to demonstrate the extraction of the Intel SGX enclave from the private RSA key used for encryption using the TLS mbed library, as well as the AES keys used for AES-NI encryption at the Linux kernel level.
In addition, shown that an attack can be used to bypass protection mechanisms and determining address space randomization parameters (KASLR) while exploiting various vulnerabilities.
El ataque is based on fluctuations in CPU power consumption when executing certain processor instructions, processing different operands, and retrieving data from memory, which allows to judge the nature of the loaded data. Unlike similar attack methods developed earlier that analyze voltage fluctuations, PLATYPUS does not require physical access to the equipment and an oscilloscope connection, but allows to use RAPL interface (Running Average Power Limit) available on Intel and AMD processors, starting with the Sandy Bridge and Zen families.
We take advantage of unprivileged access to the Intel RAPL interface by exposing processor power consumption to infer data and extract cryptographic keys.
The problem is compounded by the fact that the powercap framework added to the Linux kernel provides access to RAPL counters to non-privileged users, making it possible to track CPU and DRAM consumption. On Windows and macOS, the attack requires the installation of the Intel Power Gadget package (this package requires privileged access).
Attack is hampered by the very low measurement resolution, incomparable to the precision achieved with an oscilloscope. In particular, RAPL can take readings at 20 kilohertz and averaged values, whereas an oscilloscope can take measurements at several gigahertz. However, the precision of RAPL turned out to be sufficient to extract information from the general instruction flow about the execution of repeated instructions with different data or operands.
Businesses Intel and AMD have released updated driver code for Linux, where access to RAPL is restricted to the root user. The developers of the Xen hypervisor have also released a solution that blocks access to RAPL from guest systems.
At the same time, access restrictions are not sufficient to block attacks on enclaves Intel SGX that can be carried out by attackers who have gained privileged access to the system.
To protect against these attacks, Intel has also released a microcode update, which also fixes several other vulnerabilities that could lead to data breaches. In total, Intel's November update fixed 95 vulnerabilities in various products.
A fairly wide range of Intel desktop, mobile and server processors, starting with the Sandy Bridge family, is subject to attack.
On AMD CPU-based systems, the RAPL interface has been around since the Zen family, but Linux kernel drivers only allow unprivileged access to AMD Rome CPU statistics.
The attack can potentially be applied to ARM processors, which have their own systems to collect metrics on power changes, and the Marvell and Ampere chip controllers provide unprivileged access to the sensors, but a detailed analysis of the possibility of implementing an attack for such devices.
Finally, if you are interested in knowing more about it about the new attack type «PLATYPUS», you can check the details In the following link.