Read the original article: Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack
Researchers have devised a new method that allows potential attackers to leak sensitive information such as encryption keys from the Linux kernel’s memory and Intel SGX enclaves. The attack, dubbed PLATYPUS, abuses a legitimate CPU interface for monitoring and controlling the power consumption.
“Using PLATYPUS, we demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values,” the team of researchers from the Graz University of Technology, the University of Birmingham in UK, and CISPA Helmholtz Center for Information Security said on a website dedicated to the attack. “PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel.”
Read the original article: Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack