July 26, 2020

1126 words 6 mins read

Intel CPUs vulnerable to Platypus side-channel attacks

Intel CPUs vulnerable to Platypus side-channel attacks

An international team of security researchers, including experts from the University of Birmingham, have discovered new vulnerabilities in Intel processors that make it possible to access sensitive data using power side-channel attacks. This category of attacks, dubbed PLATYPUS, exploits fluctuations in a device’s power consumption to extract sensitive data such as cryptographic keys. These attack

s were often difficult to execute as they required accurate power measurements which were difficult to execute using malware. That is why attackers were known to require physical access to the target device, as well as specific measurement tools - such as an oscilloscope. SEE MORE Intel buys data science startup Cnvrg.io SEE MORE UK businesses make cyber security a priority in light of COVID-19 SEE MORE How good is your backup, really? However, new research by the Graz University of Technology, which partnered with the University of Birmingham and the Helmholtz Center for Information Security (CISPA), uncovers a method that makes it possible to access sensitive data using power side-channel attacks with unprecedented accuracy – even without physical access. Intel processors were found to be vulnerable to the attacks in two different approaches: by configuring the RAPL (Running Average Power Limit) interface in a way that power consumption can be logged without administrative rights, as well as by moving data and critical programmes by misusing Intel’s Software Guard Extensions (SGX) security function. The researchers then combined these two techniques and, using a compromised operating system targeting Intel SGX, made the processor execute certain instructions tens of thousands of times within an SGX enclave, an isolated environment where data and critical programmes are secure. They then measured the power consumption of each of these commands using the RAPL interface, and the fluctuations in the measured values made it possible for them to reconstruct data and cryptographic keys. Dr David Oswald, senior lecturer in Cyber Security at the University of Birmingham, said that “PLATYPUS attacks show that power side channels – which were previously only relevant to small embedded devices like payment cards – are a relevant threat to processors in our laptops and servers".  “Our work connects the dots between two research areas and highlights that power side channel leakage has much wider relevance than previously thought,” he added. The researchers informed Intel about their findings in November 2019, and the company has since patched the vulnerabilities with their security updates. Those interested in seeing a demonstration of the method on devices including Intel and AMD desktop PCs, laptops, and cloud computing servers can view it here.

Date: 2020-11-10

URL: http://feeds.itpro.co.uk/~r/ITPro/Today/~3/ZIegkXDhlnU/intel-cpu-platypus-side-channel-attacks-discovered

itpro.co.uk
Build a greenhouse monitor with a Raspberry Pi (2020-12-04) The Raspberry Pi Sense Hat is a versatile add-on with sensors for temperature humidity pressure orientation and direction and there are numerous examples of how it can be used online The European Space Agency has even sent two of them to the International Space Station for conducting experiments in weightless environments Here at IT Pro were a little more down to earth To showcase the Sense Hats c..
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate (2020-11-25) You wouldnt begrudge Huawei if it celebrated Donald Trumps election defeat given the damage his administrations sanctions have caused The Chinese firm is now on its third smartphone without Google Play services and its sales in the west are starting to lag There is no guarantee that the new president-elect Joe Biden will lift the sanctions but Huawei remains undaunted Its continuing to invest heav..
How to move Windows 10 from your old hard drive to SSD (2019-03-31) Solid-state drives SSDs offer a marked improvement in speed and stability over their older spinning disc counterparts and while at one time SSDs were considered expensive luxuries its now possible to grab 1TB drives for around 100 These falling prices have made the humble mechanical hard drive near obsolete for all but the largest of storage needs and if you were to buy a new PC or laptop today it..
Canon employee data exposed in ransomware attack (2020-12-01) The US subsidiary of Canon has admitted that a ransomware attack on its infrastructure left corporate data including employee information exposed In a statement Canon USA said that it is in contact with law enforcement agenciesand is using a cyber security company to help investigate the issue SEE MORE Canon coding error leads to permanent loss of users files SEE MORE Maze ransomware gang retires ..
ViewSonic VP2785-2K review: A steal for print and video (2020-11-09) At first sight this 1440p 27in monitor appears to be overpriced: after all you can buy the 4K Dell UltraSharp U2720Q for almost 60 less However unlike the Dell this ViewSonic isnt designed for life in any old office Instead its aimed at creative professionals who will be jumping from video to print and with the knowledge that they can trust the colours this panel shows Naturally it supports hardwa..
Microsoft Teams no longer works on Internet Explorer (2020-11-30) Millions of Internet Explorer users will be locked out of Microsoft Teams unless they upgrade to Microsofts Edge browser instead Starting today the webconferencing service will no longer be available on the legacy browser The move was announced earlier in the year as part of a push by Microsoft toget people toupgrade to its Chromium-based Edge browser before IE reaches end of life in 2021 SEE MORE..
86% of consumers experience cyber crime amid coronavirus pandemic (2020-11-19) Cyber criminals are increasingly targeting consumers as online shopping grows in light of the global coronavirus pandemic According to OpSecs Annual Consumer Barometer survey identity theft credit card fraud or a data breach has hit 86% of consumers over the past few months Thats a 6-percentage-point increase over the number of consumers who fell victim to these cyber incidents in 2019 SEE MORE Is..
Two thirds of UK organisations facing digital skills gap (2020-11-24) Over two thirds 69% of surveyed UK leaders believe that their organisation is currently facing a digital skills gap according to a new report conducted by Microsoft and Goldsmiths University of London Additionally 44% of the 600 leaders surveyed indicated that they fear the current lack of digital skills in their organisation will have a negative impact on their organisations success This feeling ..
Oracle releases emergency WebLogic Server patch to fix RCE flaw (2020-11-03) Oracle has been forced to issue anout-of-band patch to fix a critical remote code execution RCE flaw affecting multiple Oracle WebLogic Server versions The vulnerability tracked as CVE-2020-14750 could enable hackers to remotely exploit the server via a HTTP GET through the servers console component without any user interaction and may be exploited over a network without the need for a username an..
Samsung Galaxy Z Flip review gallery (2020-11-27) Samsung flips its lid
cloud computing data science security cyber security cloud
BrandPost: The CIO Show: Getting security right in the cloud

BrandPost: The CIO Show: Getting security right in the cloud

June 21, 2020

The move to cloud computing has been creating a new cyber security landscape for Australian enterprises for several years.Now with the increased complexity of hybrid cloud environments, greatly accelerated of course by COVID-19, CSIOs and CIOs with responsibility for cyber are having to rethink how they go about creating effective frameworks to ensure protection in an increasingly virtual world, w
The CIO Show: Getting security right in the cloud

The CIO Show: Getting security right in the cloud

June 21, 2020

The move to cloud computing has been creating a new cyber security landscape for Australian enterprises for several years.Now with the increased complexity of hybrid cloud environments, greatly accelerated of course by COVID-19, CSIOs and CIOs with responsibility for cyber are having to rethink how they go about creating effective frameworks to ensure protection in an increasingly virtual world, w
Cloud storage: How secure are Dropbox OneDrive Google Drive and iCloud?

Cloud storage: How secure are Dropbox OneDrive Google Drive and iCloud?

June 16, 2020

Cloud computing has been a dominant force within business IT for many years and has only grown stronger in 2020 due to the COVID-19 pandemic and the fact that the majority of employees are currently working outside of the traditional office. This has seen us become even more dependent on cloud-based services which now hold more of our data, be it personal or work, than ever before. As such, it is
Kameleon Security and Xilinx Collaborate on New Cybersecurity Solution for Servers Cloud Computing and Data Centers

Kameleon Security and Xilinx Collaborate on New Cybersecurity Solution for Servers Cloud Computing and Data Centers

July 26, 2020

Kameleon Security and Xilinx Collaborate on New Cybersecurity Solution for Servers, Cloud Computing and Data Centers View the full article HERE.To receive a RSS Feed with a complete description, click here
Microsoft backs NCSCs effort to bolster UK cyber security

Microsoft backs NCSCs effort to bolster UK cyber security

July 16, 2020

Microsoft has joined the National Cyber Security Centre’s (NCSC) Cyber Accelerator programme that seeks to find and develop UK startups that can help boost the country’s security. This is the NCSC’s seventh accelerator programme and it will run from January to March 2021. SEE MORE GCHQ launches cyber security competition SEE MORE What is cyber security? SEE MORE AI and dark web startups added t
A whistlestop tour of some of the years biggest cyber security stories

A whistlestop tour of some of the years biggest cyber security stories

July 12, 2020

Bears, scares and ransomware Well, what a year it's been. 2020 kicked off as it meant to go on, with news emerging from China of a new virus which lead to a swiftly imposed lockdown in the city of Wuhan. Looks grim, we thought, but it will probably peter out like previous viruses before it. How wrong we were. To coincide with our Deskflix Cyber Security event, here’s a look back at t
View from India: Digital twins help with failure management

View from India: Digital twins help with failure management

June 29, 2020

Digital technologies are revolutionising the manufacturing industry. Products can be scaled up and solutions used to drive operational efficiencies, improve safety and asset efficiencies. Smart and efficient are the new hallmarks of manufacturing. Various technologies are driving the digitisation of the manufacturing value chain. This has facilitated integrated product development right from ideat
ICT in Agriculture: A Travel to Australias Outback Queensland

ICT in Agriculture: A Travel to Australias Outback Queensland

June 23, 2020

The Darling Downs (Photo: Paul Budde) In October 2020, I went on a two-week tour into Queensland’s Outback, traveling through various landscapes from pastoral and agricultural lands to savanna and the desert. Leaving Brisbane, past Toowoomba, you enter the Darling Downs. This is one of the richest agricultural areas in Australia. British Botanist Alan Cunningham first explored it in 1827. H
Oracle announces new dual-region UK Government Cloud operating from data centres in London and Wales

Oracle announces new dual-region UK Government Cloud operating from data centres in London and Wales

June 22, 2020

Data centres in England and Wales are linked by a high speed backbone Oracle has announced a 'dual-region Government Cloud', private cloud infrastructure designed specifically for the UK government's needs to store and process official information and transactions securely. The dual-region cloud consists of two data centres for disaster recovery purposes - an existing facility in Lon