Sunday, December 22, 2024
HomeCyber Security NewsNew Collide+Power Exploit Let Attacker Steal Sensitive Data From All Modern CPUs

New Collide+Power Exploit Let Attacker Steal Sensitive Data From All Modern CPUs

Published on

SIEM as a Service

The build and shared components on the CPUs are exploited by a method called Collide+Power. This attack vector does not target specific programs but the hardware itself.

Advanced software-based power side channels echoed the discovery of Meltdown and Spectre vulnerability, which leaked actual data values through underlying hardware.

The core causes of this vulnerability are the shared CPU components like internal memory systems.

- Advertisement - SIEM as a Service

Combining the data from the attacker and other application data results in combined leakage signals in the power consumption.

There have been two attack scenarios that belonged to the Collide+Power category.

The first attack breaks the isolation of CPU hyperthreads, and the second attack which breaks the isolation between user programs and the operating system

In addition, this attack technique can boost any power-related side channel signal like RAPL (PLATYPUS) or frequency throttling (Hertzbleed).

Working of Collide+Power

For instance, the attacker fills the targeted CPU component, like the CPU cache, with attacker-controlled data. Then, the attacker forces the victim’s data to overwrite the attacker-controlled data, which results in the collision of data with the victim’s secret.

Since CPUs are designed to consume power as per the data usage, the collision results in a large number of iterations in the overwriting process. Finally, the attacker can get the exact secret value of the victim.

There were two variants in the Collide+Power variants, 


Variant 1: The victim program constantly accesses important secret data like decryption keys to encrypt or decrypt a large chunk of data. This attack variant requires hyperthreading to be enabled.

Variant 2: In this attack variant, the attacker used a prefetch gadget in the operating system to bring arbitrary data into the shared CPU component, which can be extracted using the data collisions. This attack variant has reduced leakage rates but does not require hyperthreading.

Several CVEs were discovered in the past, which include CVE-2020-8694, CVE-2020-8695, CVE-2022-23823, and CVE-2022-24436. However, a recent vulnerability was discovered on AMD CPUs which was reported and fixed.

CVE-2023-20583: Software-based Power Side Channel on AMD CPUs

An attacker can exploit this vulnerability in AMD processors to monitor CPU power consumption since the data in the cache line changes over time which can result in the leakage of sensitive data. The CVSS score for this vulnerability is yet to be confirmed.

AMD has released a security advisory for addressing this vulnerability.

A complete report has been published regarding this new discovery which provides detailed information regarding the threat vectors, mitigations, and others.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Threat Actors Selling Nunu Stealer On Hacker Forums

A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker...

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could...

Foxit PDF Editor Vulnerabilities Allows Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit...

Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Threat Actors Selling Nunu Stealer On Hacker Forums

A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker...

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could...

Foxit PDF Editor Vulnerabilities Allows Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit...