Security News > 2021 > March > Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "On-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors.
While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs, the new attack leverages a contention on the ring interconnect.
To test their hypothesis, the researchers reverse-engineered the ring interconnect's protocols to uncover the conditions for two or more processes to cause a ring contention, in turn using them to build a covert channel with a capacity of 4.18 Mbps, which the researchers say is the largest to date for cross-core channels not relying on shared memory, unlike Flush+Flush or Flush+Reload. "Importantly, unlike prior attacks, our attacks do not rely on sharing memory, cache sets, core-private resources or any specific uncore structures," Riccardo Paccagnella, one of the authors of the study, said.
Observing that a ring stop always prioritizes traffic that is already on the ring over new traffic entering from its agents, the researchers said a contention occurs when existing on-ring traffic delays the injection of new ring traffic.
Specifically, "An attacker with knowledge of our reverse engineering efforts can set itself up in such a way that its loads are guaranteed to contend with the first process' loads, abuses mitigations to preemptive scheduling cache attacks to cause the victim's loads to miss in the cache, monitors ring contention while the victim is computing, and employs a standard machine learning classifier to de-noise traces and leak bits."
In response to the disclosures, Intel categorized the attacks as a "Traditional side channel," which refers to a class of oracle attacks that typically take advantage of the differences in execution timing to infer secrets.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)