A new side channel attack threatens Intel and AMD CPUs. It has been discovered by a group of Austrian researchers from the Graz University of Technology. They have called it PLATYPUS and it allows exploiting variations in processor power consumption to access confidential data. One of the characteristics that differentiate this attack from other similar ones is that it does not require physical access to the server, desktop or laptop.
This vulnerability opens the door for an unprivileged user to steal data by reconstructing the information received through the RAPL power monitoring interface. This interface is included in the Intel CVE-2020-8694, CVE-2020-8695 and AMD CVE-2020-12912 processors.
Linux operating systems are more vulnerable to PLATYPUS, as the kernel's Powercap framework allows users without administrator permissions to access RAPL counters. In this way, CPU and DRAM consumption is exposed to possible tracing. Carrying out this attack on Windows and macOS systems requires additional effort, as the Inter Power Gadget package needs to be installed, which requires privileged access.
Both Intel and AMD, as well as the developers of the Xen hypervisor, have already released patches to prevent their products from being affected by this attack.
More information at this link.
You must authenticate to review this post