Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical

Boffins in Austria and Germany have devised a power-monitoring side-channel attack on modern computer chips that exposes sensitive data, but very slowly. The attack, referred to as Collide+Power, relies on analyzing processor power usage to determine the contents of CPU cache memory. It has the potential to expose encryption …

  1. J. Cook Silver badge
    FAIL

    It has the potential to expose encryption keys and other reasonably short identifiers if an attacker has persistent access to the victim's hardware

    If they've managed to get to the hardware, why not just ask the hardware directly for the data instead of setting up this drip feed method?

    Utterly impractical, and I can't believe I've just wasted five minutes typing out this rebuttal.

    1. gnasher729 Silver badge

      It sounds like the CPU itself can provide information about power usage, so you don’t need to be in control of the physical computer.

  2. Justthefacts Silver badge

    Not necessarily impractical

    The point isn’t the specific probe these researchers used to monitor the leak-path. It’s that data can be leaked at all from *physical attributes* of the cache. In other words, simply invalidating the cache (a known mitigation for timing attacks) does not wipe the potential leak-path, because that only zeros the valid-bit of the cache line, not the data itself. Reading the CPU’s power management registers is only *one* way to acquire the data - the most obvious, but certainly not the best. The slowness of the attack is due to being able to read the power management API only every 1 millisecond. There are other physical probes that don’t have that limit.

    Then it just becomes a game of finding some other apparently-benign physical sensor that is indirectly affected by power. For example: if the CPU power supply decoupling isn’t perfect, then maybe some LED intensity varies slightly with CPU load. Then the selfie-cam might pick up strobing in the video image. And now giving access to your camera may implicitly give access to encryption keys. There are at least a dozen known variants of this sort of thing, if you know how to chain them.

  3. amanfromMars 1 Silver badge

    Who Dares Win Wins with AI and Secret Advanced IntelAIgently Resourced Services aka Alien Forces ‽

    The method involves filling a CPU cache set with attacker-controlled data and then forcing the victim data to overwrite it. Because power usage varies with the number of bits that need to be changed, the attacker can repeat this process by altering known attacker-controlled values and re-measuring the power usage over and over to determine the victim's secret.

    And whenever the shared attacker-controlled data does not cause/trigger the victim data to overwrite it, is it a stealthy Remote Access Trojan attack permitting further undiscovered intrusion/infection/detection of victim's secrets.

    And whether to be eventually recognised or inevitably suffered as a virtually benign or malignant cancerous type growth, easily fixed or terminal and inoperable, fully dependent upon the discovered intended future direction of the victim's secret travel/application.

    Such is in a current extremely ACTive surreal state of rapidly evolving and expanding revolutionary Greater IntelAIgent Games Play and a presently available facility/utility/ability for Future Builder Contractors.
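The two technical points raised in this thread are the leakage model quoted from the article (power draw scales with the number of bits that change when victim data overwrites attacker-controlled data) and the 1 ms polling limit on the power-management interface that makes the channel slow. The simulation below is an added illustration, not code from the article, the researchers or any commenter: it models power as Hamming distance plus Gaussian noise, shows how that model leaks one byte, and then estimates how many samples, and therefore how much wall-clock time at 1 kHz, a given noise level demands. The noise level, the 1 kHz rate taken from the comment above, the 5-sigma confidence target and the single-byte secret are all constructed assumptions, chosen to show why the channel is slow rather than to reproduce the real measurements.

```python
import math
import random
import statistics

# Assumption from the comment above: the power-management API can be read
# once per millisecond, i.e. 1000 measurements per second.
SAMPLES_PER_SECOND = 1000


def hamming_distance(a: int, b: int) -> int:
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def simulated_power(attacker_value: int, victim_value: int,
                    noise_sd: float, rng: random.Random) -> float:
    """Constructed leakage model: the cost of the victim overwriting the
    attacker's data is proportional to the bits that flip, plus noise."""
    return hamming_distance(attacker_value, victim_value) + rng.gauss(0, noise_sd)


def recover_byte(victim_value: int, noise_sd: float,
                 samples_per_bit: int, seed: int = 0) -> int:
    """Infer one byte from the model, one bit at a time, by comparing the
    average power with the attacker bit clear versus set (other bits zero).
    Setting the attacker bit lowers the distance only if the victim bit is set."""
    rng = random.Random(seed)
    recovered = 0
    for bit in range(8):
        means = {}
        for setting in (0, 1):
            attacker_value = setting << bit
            readings = [simulated_power(attacker_value, victim_value, noise_sd, rng)
                        for _ in range(samples_per_bit)]
            means[setting] = statistics.fmean(readings)
        if means[1] < means[0]:
            recovered |= 1 << bit
    return recovered


def samples_per_bit_for_snr(noise_sd: float, z: float = 5.0) -> int:
    """Samples per attacker setting so that a one-bit difference in mean
    distance stands z standard errors above the noise.  The difference of two
    sample means has standard deviation noise_sd * sqrt(2 / n), so
    n >= 2 * (z * noise_sd)^2."""
    return math.ceil(2 * (z * noise_sd) ** 2)


def seconds_per_byte(samples_per_bit: int) -> float:
    """Wall-clock time for one byte: 8 bits, two attacker settings each."""
    return (8 * 2 * samples_per_bit) / SAMPLES_PER_SECOND


if __name__ == "__main__":
    secret = 0xA5  # constructed victim byte
    print(f"low noise  : recovered 0x{recover_byte(secret, 0.5, 50):02x}")
    # With realistic-looking noise the sample budget, and hence the time,
    # grows with the square of the noise level.
    for sd in (1.0, 5.0, 20.0):
        n = samples_per_bit_for_snr(sd)
        print(f"noise_sd={sd:5.1f}: {n:7d} samples/bit, "
              f"{seconds_per_byte(n):8.1f} s per byte at 1 kHz")
```

Because the leaked quantity depends on the data in the cache line rather than on timing, a cache flush that only clears the valid bit changes nothing in this model; the sample budget is governed solely by the noise level and the polling rate, which is exactly where a mitigation (coarser or rate-limited power telemetry) would act.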
