Intel CPUs can leak data through fluctuations in their power consumption. Researchers have devised the PLATYPUS attack, which exploits this leakage to recover cryptographic keys.
PLATYPUS Attack Can Steal Data From Intel CPUs
A team of academic researchers has shared an interesting study about how Intel CPUs can leak data to an adversary.
Specifically, they have devised an attack dubbed PLATYPUS, which an adversary can use to extract secrets from systems running Intel CPUs.
PLATYPUS is an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets”. As the name suggests, the attack exploits differences in power consumption to recover secret data such as cryptographic keys.
In brief, PLATYPUS is a power side-channel attack on Intel CPUs. What sets it apart from classic power analysis is that it needs no oscilloscope or probes: the measurements are taken purely in software by code running on the target machine, so the attacker needs no physical access to the device (only the ability to run unprivileged code on it).
The attacker observes the power consumption through Intel’s RAPL (Running Average Power Limit) interface. RAPL is a set of hardware energy counters that let software monitor and cap the power consumption of the CPU package and the DRAM. On Linux the powercap driver exposes these counters in sysfs (for example as energy_uj files under /sys/class/powercap/intel-rapl:*).
Because the driver made these counters readable by unprivileged users, any ordinary local process could sample them and use the readings to extract secrets from Intel SGX enclaves and from the kernel.
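To make the RAPL side of this concrete, the following is an added example in Python, not code from the researchers or from Intel. It audits whether the Linux powercap driver still exposes the RAPL energy counters to unprivileged users (the condition behind CVE-2020-8694) and implements the basic software measurement primitive the attack is built on: read the counter, run a workload many times, read again, and compute the energy per iteration while handling counter wraparound. The sysfs paths follow the Linux powercap layout; the function names and the injectable counter reader are this example’s own assumptions.

```python
"""Added example: audit the Linux RAPL/powercap exposure behind CVE-2020-8694
and exercise the software power-measurement primitive PLATYPUS relies on.
Not the researchers' code; paths follow the Linux powercap sysfs layout and
every function name here is an assumption of this illustration."""
import glob
import os
import stat

# Linux powercap exposes one directory per RAPL domain (package, dram, ...).
RAPL_ENERGY_GLOB = "/sys/class/powercap/intel-rapl:*/energy_uj"


def is_world_readable(mode: int) -> bool:
    """True when 'other' may read the file: the pre-fix state in which any
    local user could sample the energy counter. Patched kernels drop the
    read bit for group and others, leaving the counter to root."""
    return bool(mode & stat.S_IROTH)


def audit_rapl(paths=None) -> dict:
    """Map each energy_uj file to whether an unprivileged user can read it.
    An empty result means no RAPL domains are exposed (no Intel RAPL driver,
    a VM without RAPL, or a non-Linux host)."""
    if paths is None:
        paths = glob.glob(RAPL_ENERGY_GLOB)
    return {p: is_world_readable(os.stat(p).st_mode) for p in paths}


def energy_delta(before_uj: int, after_uj: int, max_range_uj: int) -> int:
    """Energy consumed between two counter reads. The counter wraps at
    max_energy_range_uj (also published in sysfs), so a smaller second
    reading means one wrap occurred in between."""
    if after_uj >= before_uj:
        return after_uj - before_uj
    return (max_range_uj - before_uj) + after_uj


def read_sysfs_counter(path: str) -> int:
    """Read one RAPL sysfs counter (value in microjoules)."""
    with open(path) as f:
        return int(f.read().strip())


def measure(workload, read_counter, max_range_uj: int, repeats: int = 10_000) -> float:
    """Average energy per workload() call in microjoules. read_counter is
    injected so the loop can be exercised against a fake counter when RAPL
    is not readable; on a real system pass lambda: read_sysfs_counter(path).
    Comparing this figure across workloads that differ only in operand values
    is the measurement PLATYPUS builds on."""
    before = read_counter()
    for _ in range(repeats):
        workload()
    after = read_counter()
    return energy_delta(before, after, max_range_uj) / repeats


if __name__ == "__main__":
    exposure = audit_rapl()
    if not exposure:
        print("no RAPL domains found under /sys/class/powercap")
    for path, readable in exposure.items():
        state = "EXPOSED to unprivileged users" if readable else "root-only"
        print(f"{path}: {state}")
```

Run it as an ordinary user: on a kernel that still carries the pre-fix driver the package and DRAM domains report as exposed, and `measure` can then be fed `read_sysfs_counter` to sample real energy readings; on a patched kernel every domain is root-only and the measurement loop only works with elevated privileges.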
As stated by the researchers,
We demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values. PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel.
The following two videos demonstrate breaking KASLR and attacking AES-NI, respectively.
Patches Rolling Out Gradually
According to the researchers, the leakage is a property of the Intel CPUs themselves, so it exists regardless of the operating system running on them.
In practice Linux was the most exposed, because its powercap driver handed the RAPL counters to unprivileged users.
Following the researchers’ report, Intel developed fixes.
In its security advisory (INTEL-SA-00389), Intel addressed two vulnerabilities behind PLATYPUS: CVE-2020-8694, the insufficient access control on the RAPL interface in the Linux kernel driver, fixed by restricting the energy counters to privileged users; and CVE-2020-8695, the power-consumption side channel against SGX, addressed with a microcode update that reduces the precision of RAPL readings while SGX is enabled.
Alongside the fixes, Intel also stated that it was not aware of any exploitation of these bugs in the wild.
The researchers have set up a dedicated website to describe the technical details of PLATYPUS. Moreover, they have also shared a research paper elaborating on their findings.