Security News > 2021 > March > Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "On-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors.
While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs, the new attack leverages a contention on the ring interconnect.
To test their hypothesis, the researchers reverse-engineered the ring interconnect's protocols to uncover the conditions for two or more processes to cause a ring contention, in turn using them to build a covert channel with a capacity of 4.18 Mbps, which the researchers say is the largest to date for cross-core channels not relying on shared memory, unlike Flush+Flush or Flush+Reload. "Importantly, unlike prior attacks, our attacks do not rely on sharing memory, cache sets, core-private resources or any specific uncore structures," Riccardo Paccagnella, one of the authors of the study, said.
Observing that a ring stop always prioritizes traffic that is already on the ring over new traffic entering from its agents, the researchers said a contention occurs when existing on-ring traffic delays the injection of new ring traffic.
Specifically, "An attacker with knowledge of our reverse engineering efforts can set itself up in such a way that its loads are guaranteed to contend with the first process' loads, abuses mitigations to preemptive scheduling cache attacks to cause the victim's loads to miss in the cache, monitors ring contention while the victim is computing, and employs a standard machine learning classifier to de-noise traces and leak bits."
In response to the disclosures, Intel categorized the attacks as a "Traditional side channel," which refers to a class of oracle attacks that typically take advantage of the differences in execution timing to infer secrets.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)