PLATYPUS: a new attack that affects both Intel and AMD

A group of researchers from the Graz University of Technology (Austria), previously known for developing the MDS, NetSpectre, Throwhammer and ZombieLoad attack methods, recently announced that they have developed a new side-channel attack method, named "PLATYPUS".

The attack allows computed data to be reconstructed from information that an unprivileged user obtains through the RAPL power monitoring interface provided on modern Intel (CVE-2020-8694, CVE-2020-8695) and AMD (CVE-2020-12912) processors.

About PLATYPUS

The researchers were able to demonstrate the extraction from an Intel SGX enclave of a private RSA key used for encryption with the mbed TLS library, as well as of AES keys used for AES-NI encryption at the Linux kernel level.

They also showed that the attack can be used to bypass protection mechanisms and to determine kernel address space layout randomization (KASLR) parameters while exploiting various vulnerabilities.

The attack is based on fluctuations in CPU power consumption when executing certain processor instructions, processing different operands and retrieving data from memory, which makes it possible to judge the nature of the loaded data. Unlike similar attack methods developed earlier, which analyze voltage fluctuations, PLATYPUS does not require physical access to the equipment or an oscilloscope connection. It only needs access to the RAPL (Running Average Power Limit) interface, which is available on Intel and AMD processors starting with the Sandy Bridge and Zen families.

We use unprivileged access to the Intel RAPL interface, exposing the processor's power consumption, to infer data and extract cryptographic keys.

The problem is aggravated by the fact that the powercap framework added to the Linux kernel gives unprivileged users access to the RAPL counters, which makes it possible to track CPU and DRAM consumption. On Windows and macOS, the attack requires the Intel Power Gadget package to be installed (this package requires privileged access).

The attack is hampered by very low measurement resolution, which does not match the precision obtained with an oscilloscope. In particular, RAPL can take readings at 20 kilohertz and with averaged values, whereas an oscilloscope can take measurements at several gigahertz. However, the precision of RAPL proved to be sufficient to extract information from the general instruction stream about the execution of repeated instructions with different data or operands.

Intel and AMD have released updated driver code for Linux, in which access to RAPL is restricted to the root user. The developers of the Xen hypervisor have also released a fix that blocks access to RAPL from guest systems.
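As an added example (not code from the researchers or from the kernel patches), the following script checks whether the RAPL energy counters exposed through the Linux powercap framework are still readable by users other than their owner. It assumes the standard sysfs location `/sys/class/powercap` and the `energy_uj` counter files; the function names are chosen here for illustration.

```python
import glob
import os
import stat
import sys

# Assumed location of the powercap sysfs tree on Linux.
POWERCAP_ROOT = "/sys/class/powercap"


def audit_powercap(root=POWERCAP_ROOT):
    """Return [(path, mode)] for energy_uj counters readable by group or others.

    Every RAPL zone (package, core, DRAM, ...) appears as a direct child of
    the powercap class directory, so one glob level is enough and avoids
    walking the symlink loops that exist inside sysfs.
    Only mode bits are checked; file ownership is not evaluated.
    """
    findings = []
    for path in sorted(glob.glob(os.path.join(root, "*", "energy_uj"))):
        try:
            st = os.stat(path)  # follows the zone symlink
        except OSError:
            continue  # zone vanished or is not accessible
        perms = stat.S_IMODE(st.st_mode)
        if perms & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((path, oct(perms)))
    return findings


def main(argv):
    root = argv[1] if len(argv) > 1 else POWERCAP_ROOT
    findings = audit_powercap(root)
    for path, perms in findings:
        print(f"EXPOSED {perms} {path}")
    if not findings:
        print("no group/world-readable RAPL energy counters under", root)
    # Non-zero exit status lets the check fail a compliance job.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-empty result on a host means the counters are still exposed to unprivileged users and the kernel update described above has not been applied or has been overridden.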

At the same time, restricting access is not enough to block attacks on Intel SGX enclaves, which can be carried out by attackers who have gained privileged access to the system.

To protect against these attacks, Intel has also released a microcode update, which also fixes several other vulnerabilities that could lead to data leaks. In total, Intel's November update fixed 95 vulnerabilities in various products.

A fairly wide range of Intel processors, desktop and mobile among them, starting with the Sandy Bridge family, is subject to the attack.

On systems with AMD CPUs, the RAPL interface has been present since the Zen family, but the Linux kernel drivers only allow unprivileged access to the statistics of AMD Rome CPUs.

The attack can potentially be applied to ARM processors, which have their own systems for collecting measurements of power changes, and the Marvell and Ampere chip drivers provide unprivileged access to the sensors, but detailed information about the feasibility of carrying out an attack on such devices

Finally, if you are interested in learning more about the new «PLATYPUS» attack type, you can check the details at the following link.

