PLATYPUS: a new threat affecting Intel and AMD CPUs

by | Nov 13, 2020

ETIQUETAS: Hot news | Security

A new side channel attack threatens Intel and AMD CPUs. It has been discovered by a group of Austrian researchers from the Graz University of Technology. They have called it PLATYPUS and it allows exploiting variations in processor power consumption to access confidential data. One of the characteristics that differentiate this attack from other similar ones is that it does not require physical access to the server, desktop or laptop.

This vulnerability opens the door for an unprivileged user to steal data by reconstructing the information received through the RAPL power monitoring interface. This interface is included in the Intel CVE-2020-8694, CVE-2020-8695 and AMD CVE-2020-12912 processors.

Linux operating systems are more vulnerable to PLATYPUS, as the kernel’s Powercap framework allows users without administrator permissions to access RAPL counters. In this way, CPU and DRAM consumption is exposed to possible tracing. Carrying out this attack on Windows and macOS systems requires additional effort, as the Inter Power Gadget package needs to be installed, which requires privileged access.

Both Intel and AMD, as well as the developers of the Xen hypervisor, have already released patches to prevent their products from being affected by this attack.

More information at this link.

SHARE

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Recent posts

VDI: The most secure environment for hybrid working

Today is Data Privacy Day. The purpose of this date is to raise awareness and promote privacy and data protection best practices. It was initiated by the European Commission, the Council of Europe, and the Data Protection authorities of the European Union’s member states. Their main goal was to drive attention to the importance of privacy, user data protection, and compliance of the General Data Protection Regulation (RGPD). It is a regulation characterized by significant fines for non-compliance since its implementation in 2018.

How to avoid issues with virtual machines

Virtualization comes with a wide range of benefits for organizations. It helps cut IT costs and reduces downtime while increasing efficiency and productivity. It also increases the resiliency of networks, primarily when disasters occur, and promotes more green-friendly operations.

However, using virtual machines also comes with a set of downsides. Information security may get compromised, workloads mixed up, separation duties lost, among other issues. It is vital to know how you can get over these problems, and that’s what this article will discuss.

Let’s get started.

Archives


Stay up to date with all the news from UDS ENTERPRISE through our social networks. Follow us!

Skip to content