Security News > 2020 > June > CrossTalk: First Speculative Execution Attack Allowing Data Leaks Across Intel CPU Cores
Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland.
They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.
The vulnerability, dubbed CrossTalk by the researchers and special register buffer data sampling by Intel, is related to the Microarchitectural Data Sampling flaws disclosed last year.
Exploitation works even against apps running in Intel SGX enclaves, which should protect data against attacks.
"With CrossTalk, we discovered that various instructions perform offcore requests to read data from a staging buffer shared between all the CPU cores. We observed that the staging buffer contains sensitive data, including the output of the hardware digital random number generator, and that such data can be leaked across cores using RIDL attacks," the researchers explained.
News URL
Related news
- Brain Cipher claims attack on Olympic venue, promises 300 GB data leak (source)
- GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks (source)
- Toyota confirms breach after stolen data leaks on hacking forum (source)
- Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data (source)
- New PIXHELL acoustic attack leaks secrets from LCD screen noise (source)
- Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations (source)
- A data leak and a data breach (source)
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)