Intel CPUs vulnerable to 'Platypus' side-channel attacks

Researchers discover exploits that use fluctuations in software power consumption to access sensitive data

An international team of security researchers, including experts from the University of Birmingham, have discovered new vulnerabilities in Intel processors that make it possible to access sensitive data using power side-channel attacks.

This category of attacks, dubbed PLATYPUS, exploits fluctuations in a device’s power consumption to extract sensitive data such as cryptographic keys.

These attacks were often difficult to execute as they required accurate power measurements which were difficult to execute using malware. That is why attackers were known to require physical access to the target device, as well as specific measurement tools - such as an oscilloscope.

However, new research by the Graz University of Technology, which partnered with the University of Birmingham and the Helmholtz Center for Information Security (CISPA), uncovers a method that makes it possible to access sensitive data using power side-channel attacks with unprecedented accuracy – even without physical access.

Intel processors were found to be vulnerable to the attacks in two different approaches: by configuring the RAPL (Running Average Power Limit) interface in a way that power consumption can be logged without administrative rights, as well as by moving data and critical programmes by misusing Intel's Software Guard Extensions (SGX) security function.

The researchers then combined these two techniques and, using a compromised operating system targeting Intel SGX, made the processor execute certain instructions tens of thousands of times within an SGX enclave, an isolated environment where data and critical programmes are secure. They then measured the power consumption of each of these commands using the RAPL interface, and the fluctuations in the measured values made it possible for them to reconstruct data and cryptographic keys.

Dr David Oswald, senior lecturer in Cyber Security at the University of Birmingham, said that “PLATYPUS attacks show that power side channels – which were previously only relevant to small embedded devices like payment cards – are a relevant threat to processors in our laptops and servers". 

"Our work connects the dots between two research areas and highlights that power side channel leakage has much wider relevance than previously thought," he added.

The researchers informed Intel about their findings in November 2019, and the company has since patched the vulnerabilities with their security updates. Those interested in seeing a demonstration of the method on devices including Intel and AMD desktop PCs, laptops, and cloud computing servers can view it here

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021