The update restricts access to the RAPL interface only to apps with elevated privileges, making attacks harder to pull off from inside low-level apps. The Linux kernel has also shipped an update. The chipmaker has released today microcode (CPU firmware) updates to block Platypus attacks, which the company has made available to industry partners to include in their products’ next security updates. Intel has also confirmed that some mobile and embedded CPUs are also impacted. Platypus works against Intel server, desktop, and laptop CPUs. Attacks on Windows and macOS are also possible, but in these cases, the Intel Power Gadget app must be installed on the attacked devices to allow the attackers to interact with the RAPL interface. This is because the Linux kernel ships with the powercap framework, a universal driver for interacting with RAPL interfaces and other power capping APIs, allowing easy reads of power consumption values. However, Platypus allows an attacker to bypass all these security systems by looking at variations in power consumption values.Īccording to the research team, Platypus attacks work on Linux systems the best. These can be encryption keys, passwords, sensitive documents, or any other type of information.Īccessing this kind of data is normally protected by a slew of security systems, such as kernel address space layout randomization (KASLR) or hardware-isolated trusted execution environments (TEEs), like Intel SGX. Attackers could observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values – data loaded in the CPU. The Platypus attack can be used to determine what data is being processed inside a CPU by looking at values reported via the RAPL interface. RAPL, which effectively lets firmware and software apps read how much electrical power a CPU is pulling in to perform its tasks, is a system that has been used for years to track and debug application and hardware performance. RAPL, which stands for Running Average Power Limit, is a component that allows firmware or software applications to monitor power consumption in the CPU and DRAM. The attack targets the RAPL interface of Intel processors. This is also an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets”.
Nice name, right? The attack technique has been named after the platypus animal’s ability to sense electrical current with its bill. Platypus is a new attack method that can extract data from Intel CPUs. New Platypus attack can steal data from Intel CPUs
0 kommentar(er)
