Security News > 2023 > August > New Collide+Power side-channel attack impacts almost all CPUs
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak.
The main concept of Collide+Power is to leak data from measured CPU power consumption values when a data "Collision" between the attacker's dataset and data sent by other applications to overwrite the former happens in CPU cache memory.
Collide+Power comprises two variants that create data collisions between the user's sensitive data and the attacker's data inside the CPU cache.
The second variant abuses the "Prefetch gadget" in the OS to load the target data onto the CPU cache and collide it with the attacker's data without involving the victim.
Despite the potentially broad impact, the developers of the attack clearly state that users "Do not need to worry" about it as the data leakage rates are relatively low, and the attack requires lengthy physical access to the target device as well as specialized knowledge to carry out.
As for mitigating the problem, the Graz team says data collisions are complicated to address given the prevalence of specific design techniques underpinning almost all modern CPUs, constituting the basis for Collide+Power.
News URL
Related news
- ChatGPT side-channel attack has easy fix: token obfuscation (source)
- New GoFetch attack on Apple Silicon CPUs can steal crypto keys (source)
- New ZenHammer memory attack impacts AMD Zen CPUs (source)
- New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)