Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical
Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret
Boffins in Austria and Germany have devised a power-monitoring side-channel attack on modern computer chips that exposes sensitive data, but very slowly.
The attack, referred to as Collide+Power, relies on analyzing processor power usage to determine the contents of CPU cache memory. It has the potential to expose encryption keys and other reasonably short identifiers if an attacker has persistent access to the victim's hardware, or to a cloud computing environment that shares hardware among tenants.
The technique is described in a paper, scheduled to be published on Tuesday, titled "Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels." Collide+Power relies on measuring how power usage varies when processing known data from the attacker and unknown data from the victim, and then inferring the unknown data from differences in those measurements.
The method involves filling a CPU cache set with attacker-controlled data and then forcing the victim data to overwrite it. Because power usage varies with the number of bits that need to be changed, the attacker can repeat this process by altering known attacker-controlled values and re-measuring the power usage over and over to determine the victim's secret.
"Our central observation is that the mere co-location of data values, eg: attacker and victim data in buffers and caches, in modern CPUs introduces subtle but exploitable power leakage that depends on the combination of both values," the authors, from Graz University of Technology and CISPA Helmholtz Center for Information Security, explain.
Unlike similar side-channel attacks like PLATYPUS and Hertzbleed, which require specific knowledge of the cryptographic algorithms running on the victim's machine, Collide+Power is claimed to be a generic attack that works on any modern CPU which allows co-location of attacker and victim data in the same memory cache space.
In contrast to attacks that rely on specific microarchitectural structures, such as Spectre, the researchers claim that Collide+Power is more similar to Rowhammer in that it arises from fundamental physical properties of the CPU, and thus will be challenging to mitigate.
But patience is required. Collide+Power comes in two flavors: slow and glacial. The first variant, dubbed MDS-Power because it is related to Microarchitectural Data Sampling, can steal data at a rate of 4.82 bits per hour from "another security domain co-located on a sibling hardware thread" – hyperthreading must be active. But make sure you bring snacks if you're planning to steal a private key from a cloud vendor: using this technique, it would take more than a month to reveal someone's 4,096-bit RSA key.
Mitigating the MDS-Power variant "is as simple as forbidding access to [Intel's RAPL power measurement] interface," explained Andreas Kogler, a doctoral student at Graz University, in an email to The Register.
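An added example, not from the article or the researchers: a Python audit that reports which RAPL energy counters an unprivileged account could read. It assumes the Linux powercap sysfs layout (`/sys/class/powercap/<zone>/energy_uj`), which the article does not name; `audit_rapl` and `trusted_uid` are names chosen here.

```python
import os
import stat
import sys

POWERCAP_ROOT = "/sys/class/powercap"  # assumed Linux path, not from the article


def audit_rapl(root=POWERCAP_ROOT, trusted_uid=0):
    """Return (path, octal mode, reason) for each RAPL energy counter that an
    account other than trusted_uid is able to read."""
    findings = []
    try:
        zones = sorted(os.listdir(root))
    except OSError:
        return findings  # no powercap tree: nothing exposed through this path
    for zone in zones:
        counter = os.path.join(root, zone, "energy_uj")
        try:
            st = os.stat(counter)
        except OSError:
            continue  # control node without an energy counter
        mode = stat.S_IMODE(st.st_mode)
        reasons = []
        if mode & stat.S_IROTH:
            reasons.append("world-readable")
        if mode & stat.S_IRGRP:
            reasons.append("group-readable (gid %d)" % st.st_gid)
        if st.st_uid != trusted_uid and mode & stat.S_IRUSR:
            reasons.append("owned by uid %d" % st.st_uid)
        if reasons:
            findings.append((counter, oct(mode), ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    results = audit_rapl()
    for path, mode, reason in results:
        print("EXPOSED %s mode=%s: %s" % (path, mode, reason))
    if not results:
        print("no RAPL energy counter is readable by unprivileged accounts")
    sys.exit(1 if results else 0)
```

The non-zero exit status on any finding lets the check run from configuration management or a boot-time unit and fail loudly if a later change loosens the permissions.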
Getting glacial at this point
The second variant, dubbed Meltdown-Power because it is related to the infamous Meltdown vulnerability, is slower still, leaking data at 0.136 bits per hour.
Under real-world conditions, the way memory prefetching works means the attack is slower still. The researchers estimate it would require 2.86 years to get a single bit from the kernel if this approach were actually deployed.
"However, this low security risk might drastically change if new architectural or microarchitectural ways of prefetching victim data in co-location with attacker-controlled data are discovered," the researchers suggest.
The computer scientists disclosed their findings to AMD, Arm, and Intel, which have assigned the identifier CVE-2023-20583 to the vulnerability. AMD's advisory (AMD-SB-7006), we're told, rates the severity as low. The Arm advisory is expected to be published on its website.
"Intel has evaluated this research and determined new mitigations are not required," a spokesperson told The Register, pointing to Intel's advisories issued in response to the PLATYPUS and Hertzbleed attacks. "Existing features in Intel products and guidance for mitigating power side-channel attacks are effective in this and other known cases."
Source code for Collide+Power is expected to be posted on GitHub. ®