side-channel attack | Breaking Cybersecurity News | The Hacker News

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed  GoFetch , the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data from the CPU cache. Apple was made aware of the findings in December 2023. Prefetchers are a hardware optimization technique that predicts what memory addresses a currently running program will access in the near future and retrieve the data into the cache accordingly from the main memory. The goal of this approach is to reduce the program's memory access latency. DMP is a type of prefetcher that takes into account the contents of memory based on previously observed access patterns when determining what to prefetch. This behavior makes it ripe for cache-based attacks that trick the prefetche

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed  GhostRace  ( CVE-2024-2193 ), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a branch misprediction attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target," the researchers  said . The findings from the Systems Security Research Group at IBM Research Europe and VUSec, the latter of which disclosed another side-channel attack called  SLAM  targeting modern processors in December 2023. Spectre refers to a  class of side-channel attacks  that exploit branch prediction and s

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to  new research  published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites like GitHub. ChatGPT plugins , as the name implies, are tools designed to run on top of the large language model (LLM) with the aim of accessing up-to-date information, running computations, or accessing third-party services. OpenAI has since also introduced  GPTs , which are bespoke versions of ChatGPT tailored for specific use cases, while reducing third-party service dependencies. As of March 19, 2024, ChatGPT users  will no longer  be able to install new plugins or create new conversations with existing plugins. One of the flaws unearthed by Salt

A novel side-channel attack called  GPU.zip  renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of Washington, and the University of Illinois Urbana-Champaign  said . Graphical data compression  is a feature in integrated GPUs (iGPUs) that allows for saving memory bandwidth and improving performance when rendering frames, compressing visual data losslessly even when it's not requested by software. The study found that the compression, which happens in various vendor-specific and undocumented ways, induces data-dependent  DRAM  traffic and cache occupancy that can be measured using a side-channel. "An attacker can exploit the iGPU-based compression channel to perform cro

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called  Collide+Power  ( CVE-2023-20583 ),  Downfall  ( CVE-2022-40982 ), and  Inception  ( CVE-2023-20569 ), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as  Zenbleed  (CVE-2023-20593). "Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers,"  Daniel Moghimi , senior research scientist at Google,  said . "This vulnerability [...] enables a user to access and steal data from other users who share the same computer." In a hypothetical attack scenario, a malicious app installed on a device could weaponize the method to steal sensitive information like passwords and encryption keys, effectively undermining Intel's Software Guard eXtensions ( SGX

A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. "When trained on keystrokes recorded using the video conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium," researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad  said  in a new study published last week. Side-channel attacks  refer  to a class of  security exploits  that aim to glean insights from a system by monitoring and measuring its physical effects during the processing of sensitive data. Some of the common observable effects include runtime behavior, power consumption, electromagnetic radiation, acoustics, and cache accesses. Although a completely side-channel-free implementation does not exist, practical attacks of this kind can have damaging consequences for user privacy and security as they could be weaponized by a ma

In what's an ingenious  side-channel attack , a group of academics has found that it's possible to recover secret keys from a device by analyzing video footage of its power LED. "Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device's power LED," researchers from the Ben-Gurion University of the Negev and Cornell University  said  in a study. By taking advantage of this observation, it's possible for threat actors to leverage video camera devices such as an iPhone 13 or an internet-connected surveillance camera to extract the cryptographic keys from a smart card reader­. Specifically, video-based cryptanalysis is accomplished by obtaining video footage of rapid changes in an LED's brightness and exploiting the video camera's  rolling shutter  effect to capture the physical emanations. "This is caused by the fact that the power LED is connected directly to the pow

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed  Hertzbleed  by a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling ( DVFS ), a power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip. "The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second)," the researchers said. This can have significant security implications on cryptographic libraries even when implemented correctly as  constant-time code  to prevent timing-based side channels, effectively enabling an attacker to leverage the execut

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as  Spectre  and obtain sensitive information from kernel memory. Discovered by  Piotr Krysiuk  of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions. While  CVE-2020-27170  can be abused to reveal content from any location within the kernel memory,  CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory. First documented in January 2018,  Spectre and Meltdown  take advantage of flaws in modern processors to  leak data  that are currently processed on the computer, thereby allowing

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT , short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone's SSH password, from Intel's CPU cache. Discovered by a team of security researchers from the Vrije University in Amsterdam, the vulnerability, tracked as CVE-2019-11184, resides in a performance optimization feature called Intel's DDIO—short for Data-Direct I/O—which by design grants network devices and other peripherals access to the CPU cache. The DDIO comes enabled by default on all Intel server-grade processors since 2012, including Intel Xeon E5, E7 and SP families. According to the researchers [ paper ], NetCAT attack works simila

In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAM s, like Rowhammer , RAMBleed , Spectre, and Meltdown . Have you ever noticed they all had at least one thing in common? That's OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on a targeted computer, where an unprivileged attacker-owned process exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system. That's possible because OpenSSH has an agent that keeps a copy of your SSH key in the memory so that you don't have to type your passphrase every time you want to connect to the same remote server. However, modern operating systems by default store sensitive data, including encryption keys and passwords, in the kernel memory which can not be accessed by user-level privileged p

A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed " NetSpectre ," the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass and can be used to defeat address-space layout randomization on the remote system. If you're unaware, the original Spectre Variant 1 flaw (CVE-2017-5753), which was reported earlier this year along with another Spectre and Meltdown flaws , leverages speculative stores to create speculative buffer overflows in the CPU store cache. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues and is discarded if not. This issue could

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks . Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading (SMT) that allows the operating system to use a virtual core for each physical core present in processors in order to improve performance. The Hyper-threading feature comes enabled on computers by default for performance boosting, but in a detailed post published Tuesday, OpenBSD maintainer Mark Kettenis said such processor implementations could lead to Spectre-style timing attacks. "SMT (Simultaneous multithreading) implementations typically share TLBs and L1 caches between threads," Kettenis wrote. "This can make cache timing attacks a lot easier, and we strongly suspect that this will make several Spectre-class bugs exploitable." In cryptography, side-channe

Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor's speculative execution technology—like Specter and Meltdown —and could potentially be exploited to access sensitive information, including encryption related data. Dubbed Lazy FP State Restore , the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in order to fix the flaw and keep their customers protected. The company has not yet released technical details about the vulnerability, but since the vulnerability resides in the CPU, the flaw affects all devices running Intel Core-based microprocessors regardless of the installed operating systems, except some modern versions of Windows and Linux distributions. As the name suggests, the flaw leverages a system performance optimization feature, called Lazy FP state restore, embedded in modern processors, which is resp

If you are using the Internet, there are the possibilities that you are open to attack. The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 ( version 3.6 and above of the Linux kernel ) poses a serious threat to Internet users, whether or not they use Linux directly. This issue is troubling because Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs. Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet. The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, as well as also threatens anonymity of Tor users by routing them to certain malicious relays. The flaw actually resides in the design and implementation of the Request for Comments: 5961 ( RF

As far sci-fi movies have been entertaining the public, but their ideas have always been a matter of adoption in real life. Just like in any other sci-fi movie, simply touching a laptop can be enough to extract the cryptographic keys used to secure data stored on it. A team of computer security experts at Tel Aviv University (Israel) has come up with a new potentially much simpler method that lets you steal data from computers — Just Touch it — literally. WAYS TO ATTACK ENCRYPTION There are different ways of attacking encryption systems. On one side, there are security vulnerabilities and weakness in the encryption algorithms themselves that make it possible to figure out the cryptographic keys. On the other side, there are flaws and weaknesses in the people themselves that make it easier than it should be to force them to offer up the keys to decrypt something. But, Flaws and weaknesses in neither of which is necessarily quick or easy to find out, as there are seve

A group of researchers has developed a side-channel attack targeting virtual machines that could pose a threat to cloud computing environments. Side-channel attacks against cryptography keys have, until now, been limited to physical machines, this attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. " In this attack, the researchers were able to extract a private ElGamal decryption key from the target VM's libgcrypt library; the target was running Gnu Privacy Guard. Over the course of a few hours of observations, they were able to reconstruct a 457-bit exponent accompanying a 4096-bit modulus with high accuracy. So high that the attacker was then left to search fewer than 10,000 possible exp