Security News > 2020 > November > PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption
Researchers have disclosed the details of a new side-channel attack method that can be used to obtain sensitive information from a system by observing variations in the processor's power consumption.
The PLATYPUS attack relies on having access to Intel's Running Average Power Limit, a feature introduced by the company with the Sandy Bridge microarchitecture and which is designed for monitoring and controlling the CPU and DRAM power consumption.
The PLATYPUS attack uses the RAPL interface instead of an oscilloscope to monitor power consumption.
The researchers demonstrated that an attacker could use the PLATYPUS method to recover encryption keys from an Intel SGX enclave, which is designed to protect data even if the operating system has been compromised.
While there is no indication that a PLATYPUS attack has been launched in the real world, Intel has decided, as an additional precaution, to issue new attestation keys to platforms that implemented mitigations.
News URL
Related news
- zkLend loses $9.5M in crypto heist, asks hacker to return 90% (source)
- Hackers pose as employers to steal crypto, login credentials (source)
- North Korean hackers linked to $1.5 billion ByBit crypto heist (source)
- FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist (source)
- Hackers target AI and crypto as software supply chain risks grow (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)