A new side-channel attack method that can lead to data
leakage works against nearly any modern CPU, but we’re unlikely to
see it being used in the wild any time soon.
The research was conducted by a group of eight researchers
representing the Graz University of Technology in Austria and the
CISPA Helmholtz Center for Information Security in Germany. Some of
the experts involved in the research discovered the notorious
Spectre and Meltdown
vulnerabilities, as well as several other side-channel attack
methods.
The new attack, dubbed Collide+Power, has been
compared to Meltdown and a type of vulnerability named
Microarchitectural Data Sampling (MDS).
Collide+Power is a generic software-based attack that works
against devices powered by Intel, AMD or Arm processors and it’s
applicable to any application and any type of data. The chipmakers
are publishing their own advisories for the attack and the CVE-2023-20583 has been assigned.
However, the researchers pointed out that Collide+Power is not
an actual processor vulnerability — it abuses the fact that some
CPU components are designed to share data from different security
domains.
An attacker can leverage such shared CPU components to combine
their own data with data from user applications. The attacker
measures CPU power consumption over thousands of iterations while
changing the data they control, which enables them to determine the
data associated with the user applications.
An unprivileged attacker — for instance, by using malware
planted on the targeted device — can leverage the Collide+Power
attack to obtain valuable data such as passwords or encryption
keys.
The researchers noted that the Collide+Power attack enhances
other power side-channel signals, such as the ones used in the
PLATYPUS and Hertzbleed
attacks.
“Previous software-based power side-channels attacks like
PLATYPUS and Hertzbleed target cryptographic algorithms and needed
precise knowledge of the algorithm or victim program executed on
the target machine. In contrast, Collide+Power targets the CPU
memory subsystem, which abstracts the precise implementation away
as all programs require the memory subsystem in some way.
Furthermore, any signal reflecting the power consumption can be
used due to the fundamental physical power leakage exploited by
Collide+Power,” they explained.
The researchers have published a paper detailing their work, as
well as a dedicated Collide+Power website that
summarizes the findings.
They describe two variants of the Collide+Power attack. In the
first variant, which requires hyperthreading to be enabled, the
attack targets data associated with an application that constantly
accesses secret data, such as an encryption key.
“The victim constantly reloads the secret into the targeted and
shared CPU component during this process. An attacker running on a
thread on the same physical core can now use Collide+Power to force
collisions between the secret and attacker-controlled data,” the
researchers explained.
The second variant of the attack does not require hyperthreading
and it does not require the target to constantly access secret
data.
“Here an attacker exploits a so-called prefetch-gadget within
the operating system. This prefetch gadget can be used to bring
arbitrary data into the shared CPU component and again force data
collisions and recover the data,” the experts said.
While in theory the attack method could have significant
implications, in practice the data leakage rates are relatively low
and the method is unlikely to be exploited in the wild against end
users any time soon.
The researchers have managed to achieve a data leakage rate of
4.82 bits per hour in a scenario where the targeted application
constantly accesses secret information and the attacker can
directly read the power consumption of the CPU via the Running
Average Power Limit (RAPL) interface, which directly reports a
CPU’s power consumption. At this rate, it would take the attacker
several hours to obtain a password and several days to obtain an
encryption key.
In special circumstances, the researchers found that an attacker
could achieve much higher data leakage rates, up to 188
bits/h.
“An attacker could achieve the 188 bits/h leakage rate depending
on the targeted application and the secret representation in
memory. For example, if the key or password is in a cache line
multiple times,” Andreas Kogler, one of the TU Graz researchers
involved in the project, told SecurityWeek.
On the other hand, in real-world attack simulations, the
researchers encountered practical limitations that significantly
lowered leakage rates — more than one year per bit with
throttling.
Despite the relatively small risk that the attack poses today,
the Collide+Power research highlights potential issues and paves
the way for future research.
As for mitigations, preventing such data collisions at the
hardware level is not an easy task and would require the redesign
of general-purpose CPUs. On the other hand, attacks can be
prevented by ensuring attackers cannot observe power-related
signals — this type of mitigation applies to all power side-channel
attacks.
Related: AMD CPU Vulnerability ‘Zenbleed’ Can Expose
Sensitive Information
Related: Chipmaker Patch Tuesday: Intel, AMD Address Over
100 Vulnerabilities
