Intel PLATYPUS vulnerability exploits built-in power monitoring tools

Posted on Thursday, November 12 2020 @ 15:05 CET by Thomas De Maesschalck
Intel logo
Security researchers discovered another interesting vulnerability in Intel's processors. Called PLATYPUS, this vulnerability uses on-board energy meters to exfiltrate data from the processor. The attack mainly works on Linux, where the powercap framework provides unprivileged access to Intel RAPL by default. On Windows and macOS, the Intel Power Gadget tool needs to be installed. The attack is explained in detail on this website:
Platypuses are fascinating animals: While they are mammals, they also lay eggs, and males can detect electrical signals with their bill. Likewise to the Platypus that uses its ability to find food even in complete darkness, we sense secrets in the processor's energy measurements using Intel RAPL.

Using PLATYPUS, we demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values. PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel.

With SGX, Intel released a security feature to create isolated environments, so-called enclaves, that are secure even if the operating system is compromised. In our work, we combine PLATYPUS with precise execution control of SGX-Step. As a result, we overcome the hurdle of the limited measuring capabilities of Intel RAPL by repeatedly executing single instructions inside the SGX enclave. Using this technique, we recover RSA keys processed by mbed TLS from an SGX enclave.
Intel may not be the only one affected. The security researchers speculate AMD's server processors may have a similar vulnerability starting with the Rome generation. Furthermore, other vendors like ARM, NVIDIA, Marvell and Ampere may also be affected.

Linux tech site Phoronix reports there's a new Linux update with a CPU microcode update to protect against PLATYPUS and other bugs.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments