One more reason for Apple to dump Intel processors: Another SGX, kernel data-leak flaw unearthed by experts
Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory.
The Platypus paper describes a way to extract confidential data from devices by measuring power-consumption fluctuations in Intel chips from Sandy Bridge onward, using software alone and without physically wiring instruments to the machine.
With privileged access, the Platypus team claim they can recover RSA private keys from an Mbed TLS implementation within 100 minutes by inferring the instructions executed inside an SGX enclave, and can derandomize kernel address space layout randomization in 20 seconds by observing power consumption variance between valid and invalid kernel addresses.
"Today, we published INTEL-SA-0389 providing details and mitigation guidance to protect against potential information leakage from Intel SGX using the Running Average Power Limit Interface which is provided by most modern processors," an Intel spokesperson said in a statement provided to The Register.
An update to the Linux powercap driver has been devised to limit unprivileged access to the Intel RAPL MSRs. On macOS and Windows, access to Intel RAPL requires the installation of the Intel Power Gadget, so neither of those two operating systems has to mount a native defense against Platypus.
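As an added example (not part of the article, and not code from the Platypus authors or Intel), here is a shell check a Linux administrator could run to confirm that the powercap restriction described above is in effect. It assumes the Linux powercap sysfs layout, in which each RAPL domain exposes an energy_uj counter under /sys/class/powercap; that path, the attribute name and the function name check_rapl_perms are assumptions, not taken from the page.

```shell
# Added example: report any RAPL energy counter that unprivileged users can
# still read. Assumption: counters live as energy_uj files under the powercap
# sysfs tree (default /sys/class/powercap), and the Platypus mitigation is in
# place when none of them carries the "other read" permission bit.
#
# Usage: check_rapl_perms [powercap_root]
# Returns 0 if no energy_uj file is world-readable, 1 otherwise (and lists them).
check_rapl_perms() {
    root="${1:-/sys/class/powercap}"
    if [ ! -d "$root" ]; then
        echo "no powercap directory at $root (no RAPL interface exposed here)"
        return 0
    fi
    # -L follows the per-domain symlinks sysfs uses; -perm -004 matches files
    # that have at least the "other read" bit set.
    exposed=$(find -L "$root" -name energy_uj -perm -004 2>/dev/null)
    if [ -n "$exposed" ]; then
        echo "world-readable RAPL energy counters (powercap restriction missing):"
        echo "$exposed"
        return 1
    fi
    echo "no world-readable energy_uj files under $root"
    return 0
}
```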
News URL
https://go.theregister.com/feed/www.theregister.com/2020/11/10/intel_sgx_side_channel/