Security News > 2020 > November > PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption
Researchers have disclosed the details of a new side-channel attack method that can be used to obtain sensitive information from a system by observing variations in the processor's power consumption.
The PLATYPUS attack relies on having access to Intel's Running Average Power Limit, a feature introduced by the company with the Sandy Bridge microarchitecture and which is designed for monitoring and controlling the CPU and DRAM power consumption.
The PLATYPUS attack uses the RAPL interface instead of an oscilloscope to monitor power consumption.
The researchers demonstrated that an attacker could use the PLATYPUS method to recover encryption keys from an Intel SGX enclave, which is designed to protect data even if the operating system has been compromised.
While there is no indication that a PLATYPUS attack has been launched in the real world, Intel has decided, as an additional precaution, to issue new attestation keys to platforms that implemented mitigations.
News URL
Related news
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- North Korean hackers stole $1.3 billion worth of crypto this year (source)