Security News > 2023 > August > Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs.

"Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers," Daniel Moghimi, senior research scientist at Google, said.

" allow an attacker to violate the software-hardware boundary established in modern processors," Tavis Ormandy and Moghimi noted.

Coinciding with Downfall is Inception, a transient execution attack that leaks arbitrary kernel memory on all AMD Zen CPUs, including the latest Zen 4 processors, at a rate of 39 bytes/s.

Rounding off the side-channel attacks is an unconventional software-based method dubbed Collide+Power, which works against devices powered by all processors and could be abused to leak arbitrary data across programs as well as from any security domain at a rate of up to 188.80 bits/h.

"The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption," a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security said.

News URL

https://thehackernews.com/2023/08/collidepower-downfall-and-inception-new.html