Monday, April 12, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
in Internet Privacy
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A new research has yielded yet another means to pilfer sensitive data by exploiting what’s the first “on-chip, cross-core” side-channel in Intel Coffee Lake and Skylake processors.

Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August.

You might also like

Hackers Tampered With APKPure Store to Distribute Malware Apps

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

Alert — There’s A New Malware Out There Snatching Users’ Passwords

While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs (e.g., Meltdown and Spectre), the new attack leverages a contention on the ring interconnect.

SoC Ring interconnect is an on-die bus arranged in a ring topology which enables intra-process communication between different components (aka agents) such as the cores, the last level cache (LLC), the graphics unit, and the system agent that are housed inside the CPU. Each ring agent communicates with the ring through what’s called a ring stop.

To achieve this, the researchers reverse-engineered the ring interconnect’s protocols to uncover the conditions for two or more processes to cause a ring contention, in turn using them to build a covert channel with a capacity of 4.18 Mbps, which the researchers say is the largest to date for cross-core channels not relying on shared memory, unlike Flush+Flush or Flush+Reload.

“Importantly, unlike prior attacks, our attacks do not rely on sharing memory, cache sets, core-private resources or any specific uncore structures,” Riccardo Paccagnella, one of the authors of the study, said. “As a consequence, they are hard to mitigate using existing ‘domain isolation’ techniques.”

Observing that a ring stop always prioritizes traffic that is already on the ring over new traffic entering from its agents, the researchers said a contention occurs when existing on-ring traffic delays the injection of new ring traffic.

http://thehackernews.com/

Armed with this information, an adversary can measure the delay in memory access associated with a malicious process due to a saturation of bandwidth capacity caused by a victim process’ memory accesses. This, however, necessitates that the spy process consistently has a miss in its private caches (L1-L2) and performs loads from a target LLC slice.

In doing so, the repeated latency in memory loads from LLC due to ring contention can allow an attacker to use the measurements as a side-channel to leak key bits from vulnerable EdDSA, and RSA implementations as well as reconstruct passwords by extracting the precise timing of keystrokes typed by a victim user.

Specifically, “an attacker with knowledge of our reverse engineering efforts can set itself up in such a way that its loads are guaranteed to contend with the first process’ loads, […] abuses mitigations to preemptive scheduling cache attacks to cause the victim’s loads to miss in the cache, monitors ring contention while the victim is computing, and employs a standard machine learning classifier to de-noise traces and leak bits.”

The study also marks the first time a contention-based microarchitectural channel has been exploited for keystroke timing attacks to infer sensitive data typed by the victim.

In response to the disclosures, Intel categorized the attacks as a “traditional side channel,” which refers to a class of oracle attacks that typically take advantage of the differences in execution timing to infer secrets.

The chipmaker’s guidelines for countering timing attacks against cryptographic implementations recommend adhering to constant time programming principles by ensuring that —

  • Runtime is independent of secret values
  • The order in which the instructions are executed (aka code access patterns) are independent of secret values, and
  • The order in which memory operands are loaded and stored (data access patterns) are independent of secret values

Additional guidance on safe development practices to mitigate traditional side-channel attacks can be found here. The source code to reproduce the experimental setup detailed in the paper can be accessed here.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

How to Begin Using DevSecOps for your Team

Next Post

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

Related Posts

Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business
Internet Privacy

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

April 10, 2021
Alert — There’s A New Malware Out There Snatching Users’ Passwords
Internet Privacy

Alert — There’s A New Malware Out There Snatching Users’ Passwords

April 10, 2021
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
Internet Privacy

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

April 9, 2021
Gigaset Android Update Server Hacked to Install Malware on Users’ Devices
Internet Privacy

Gigaset Android Update Server Hacked to Install Malware on Users’ Devices

April 9, 2021
Next Post
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

An overview of Augmented reality applications and their future impact on AI
Data Science

An overview of Augmented reality applications and their future impact on AI

April 12, 2021
IIT Hyderabad Offers Interdisciplinary PhD in Artificial Intelligence, Machine Learning and Information Theory
Machine Learning

IIT Hyderabad Offers Interdisciplinary PhD in Artificial Intelligence, Machine Learning and Information Theory

April 12, 2021
Ransomware: The internet’s biggest security crisis is getting worse. We need a way out
Internet Security

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

April 12, 2021
Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027
Data Science

Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027

April 12, 2021
Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars”
Machine Learning

Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars”

April 12, 2021
Interpretive Analytics in One Picture
Data Science

Interpretive Analytics in One Picture

April 12, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • An overview of Augmented reality applications and their future impact on AI April 12, 2021
  • IIT Hyderabad Offers Interdisciplinary PhD in Artificial Intelligence, Machine Learning and Information Theory April 12, 2021
  • Ransomware: The internet’s biggest security crisis is getting worse. We need a way out April 12, 2021
  • Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027 April 12, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates