Researchers have identified a new side-channel attack affecting nearly all existing processors. Named “Collide+Power”, it exploits the CPU’s measured power consumption when attacker-controlled data collides with another application’s data in a shared CPU component such as the cache. Although it affects almost every CPU, the researchers rate it a low-risk attack with limited exploitability in real-world scenarios.
Collide+Power Attack Affects Most Processors
A team of researchers from Graz University of Technology, Austria, and the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany, have shared details about a new side-channel attack, “Collide+Power”, that impacts most CPUs.
The researchers discovered a vulnerability, tracked as CVE-2023-20583, in the CPU hardware that allows sensitive data to leak, and exploited it to demonstrate the Collide+Power attack.
The attack measures the CPU’s power consumption while another application’s data collides with attacker-controlled data in a shared CPU component such as the cache. It involves three steps: 1) filling the targeted CPU component with attacker-chosen data, 2) forcing the victim’s data to overwrite the attacker’s data, and 3) measuring the resulting change in power consumption. That change depends on how many bits differ between the victim’s data and the attacker’s data, which allows the secret values to be estimated.
The researchers demonstrated two attack variants. The first, which requires hyperthreading (SMT), has the attacker continuously access the shared component from a sibling thread so that collisions between the secret data and the attacker’s data occur repeatedly. The second variant does not depend on hyperthreading: it uses a prefetch gadget to bring attacker-chosen data into the shared CPU component and force the collisions. This variant is less efficient, however, because its leakage rate is lower.
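To make the three-step mechanism concrete, here is a small simulation of the leakage model behind a collision attack like the one described above. It is an added illustration, not the researchers’ code: the power model (a reading that grows with the Hamming distance between the attacker word and the victim word, plus Gaussian noise), the constants, the 64-bit word size and the secret value are all assumptions. It shows the differential measurement an attacker would use to recover a secret one bit at a time, and why averaging many noisy readings per bit makes the overall rate low.

```python
"""Toy model of Collide+Power-style leakage (added illustration, not the
researchers' code). The power model, constants and secret are assumptions."""
import random

WORD_BITS = 64  # assumed width of the colliding data word


def hamming_distance(a: int, b: int) -> int:
    """Number of differing bits between two words."""
    return bin(a ^ b).count("1")


def measure_power(attacker_value: int, victim_value: int, rng: random.Random,
                  alpha: float = 1.0, sigma: float = 2.0,
                  baseline: float = 50.0) -> float:
    """One simulated power reading for one collision.

    Assumed model: the victim word overwrites the attacker word in the shared
    component, and the cost of that overwrite grows with the Hamming distance
    between the two words (alpha per differing bit). Gaussian noise with
    standard deviation sigma stands in for measurement noise.
    """
    distance = hamming_distance(attacker_value, victim_value)
    return baseline + alpha * distance + rng.gauss(0.0, sigma)


def recover_bit(bit: int, victim_value: int, rng: random.Random,
                samples: int) -> int:
    """Differential measurement for one bit position.

    Collide the victim with attacker data whose bit `bit` is 0, then with the
    same data but that bit set to 1, averaging `samples` readings each. If the
    victim bit is 1 the first pattern differs in one more bit and therefore
    has the higher mean power; if it is 0 the second pattern does.
    """
    low = 0               # all attacker bits 0, so only `bit` changes between patterns
    high = 1 << bit
    mean_low = sum(measure_power(low, victim_value, rng)
                   for _ in range(samples)) / samples
    mean_high = sum(measure_power(high, victim_value, rng)
                    for _ in range(samples)) / samples
    return 1 if mean_low > mean_high else 0


def recover_secret(victim_value: int, samples_per_bit: int = 400,
                   seed: int = 1234) -> int:
    """Recover every bit of the victim word with the differential measurement."""
    rng = random.Random(seed)
    recovered = 0
    for bit in range(WORD_BITS):
        recovered |= recover_bit(bit, victim_value, rng, samples_per_bit) << bit
    return recovered


def measurements_needed(samples_per_bit: int, word_bits: int = WORD_BITS) -> int:
    """Total readings for one word: two patterns per bit, `samples_per_bit` each."""
    return 2 * samples_per_bit * word_bits


def leakage_rate_bits_per_hour(samples_per_bit: int, seconds_per_reading: float) -> float:
    """Bits per hour if every reading costs `seconds_per_reading` (assumed; in a
    real attack this is bounded by how often the power interface updates)."""
    return 3600.0 / (2 * samples_per_bit * seconds_per_reading)


if __name__ == "__main__":
    secret = 0x0123456789ABCDEF  # constructed victim value
    guess = recover_secret(secret)
    print(f"secret    {secret:016x}")
    print(f"recovered {guess:016x}  match={guess == secret}")
    print(f"readings needed: {measurements_needed(400)}")
    print(f"rate at 10 ms per reading: "
          f"{leakage_rate_bits_per_hour(400, 0.01):.1f} bit/h")
```

With a signal of one unit per differing bit and noise of two units, 400 readings per pattern put the mean difference about seven standard deviations from zero, so all 64 bits come back correctly; halving the noise or quadrupling the samples moves the error rate in the obvious direction. The per-reading cost, not the arithmetic, is what makes the real attack slow.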
The researchers have set up a dedicated web page elaborating on the Collide+Power attack.
Attack Limitations And Mitigations
While the vulnerability affects almost all existing processors and therefore looks like a severe threat, the researchers clarified that it is not. First, the information leaks at a very low rate, which makes a practical real-world attack largely unfeasible.
Vendors could also deploy hardware- or software-level mitigations that prevent the data collisions. Implementing such restrictions is difficult, however, because it requires structural changes to the CPUs’ shared hardware components.
Another possible mitigation is to prevent the attacker from observing power-related signals, for example by restricting access to the RAPL interface. Such mitigations also address the previously known PLATYPUS and Hertzbleed attacks, so deploying them is feasible.
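A practitioner will want to check the two preconditions the variants above rely on: an unprivileged-readable RAPL energy counter and SMT being enabled. The following audit script is an added example, not from the researchers or any vendor. It reads the standard Linux sysfs nodes (the powercap `energy_uj` counters, which Linux made root-only in its fix for PLATYPUS, and `cpu/smt/control`); the core `audit()` function takes the path list, a stat function and the SMT control text as parameters so it can be exercised with constructed inputs.

```python
"""Added audit script (not the researchers' or a vendor's code): flag a Linux
host where the RAPL energy counter is world-readable or SMT is enabled."""
import glob
import os
import stat

RAPL_GLOB = "/sys/class/powercap/intel-rapl*/energy_uj"
SMT_CONTROL = "/sys/devices/system/cpu/smt/control"


def world_readable(mode: int) -> bool:
    """True if the 'other' read bit is set in a st_mode value."""
    return bool(mode & stat.S_IROTH)


def smt_enabled(control_text: str) -> bool:
    """cpu/smt/control reads 'on', 'off', 'forceoff', 'notsupported' or
    'notimplemented'; only 'on' means sibling threads are available."""
    return control_text.strip() == "on"


def audit(rapl_paths, stat_fn, smt_text):
    """Return a list of findings. stat_fn(path) must return an st_mode int."""
    findings = []
    for path in rapl_paths:
        mode = stat_fn(path)
        if world_readable(mode):
            findings.append(
                f"RAPL counter {path} is world-readable (mode {oct(mode & 0o777)}); "
                "restrict it to root (0400) as the PLATYPUS fix in Linux does")
    if smt_enabled(smt_text):
        findings.append(
            "SMT is enabled: the hyperthreading variant is possible; consider "
            f"'echo off > {SMT_CONTROL}' if the workload tolerates it")
    return findings


def audit_host():
    """Run the audit against the live sysfs of this machine."""
    paths = sorted(glob.glob(RAPL_GLOB))
    try:
        with open(SMT_CONTROL) as f:
            smt_text = f.read()
    except OSError:
        smt_text = "notsupported"
    return audit(paths, lambda p: os.stat(p).st_mode, smt_text)


if __name__ == "__main__":
    results = audit_host()
    for line in results:
        print("FINDING:", line)
    if not results:
        print("no findings: RAPL counters root-only and SMT off or unavailable")
```

Run it as an unprivileged user; the RAPL finding is about who can read the counter, so running it as root tells you only the mode, not whether an attacker process could observe the signal.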