Technology

A latest security flaw, ‘Collide+Power’ might affect almost every CPU

A new security flaw named “Collide+Power” has been discovered by researchers from Graz University of Technology in Australia in collaboration with the Helmholtz Center. This latest flaw can affect all CPUs and threaten actors by allowing them to observe CPU power consumption, which will reveal sensitive information.

The vulnerability, CVE-2023-20583, involves analyzing power consumption trends while processing both known data from the attacker and unknown data from the victim. As a result, a threat actor can derive the contents of the victim’s CPU cache memory by evaluating the power utilization and disclosing encryption keys and short identifiers.

Furthermore, the ‘Collide+Power’ security issue is available in two flavors: MDS-Power and Meltdown-Power. MDS-Power, if hyperthreading is enabled, can steal data from another security domain co-located on a sibling hardware thread at a rate of 4.82 bits per hour. However, extracting a 4,096-bit RSA key from a cloud vendor would take a month at this rate.

Other than that, Meltdown is pretty harmless, as it leaks data at a rate of 0.136 bits per hour. And observing it on scales of real-world reality, the act becomes even more sluggish in terms of memory prefetching, as it requires a period of 2.86 to extract a single bit from the kernel if fully deployed.

“However, this low-security risk may change dramatically if new architectural or microarchitectural methods of prefetching victim data in co-location with attacker-controlled data are discovered,” the researchers wrote.

Resolving the vulnerability

Although the security flaw may not appear to be feasible for ordinary hackers, it has piqued the curiosity of firms such as AMD, which has previously confirmed that its EPYC server CPUs contain a performance determinism option that can limit the danger of data leakage. Similarly, Intel emphasized the efficacy of current features and guidelines for combating power side-channel attacks exhibited in response to past threats such as PLATYPUS and Hertzbleed.

Recent Posts

Samsung Galaxy Tab S12 Ultra Leak shows design of the high-end tablet

New render images provide a preview of the upcoming Samsung Galaxy Tab S12 Ultra. While…

25 minutes ago

TSMC wants to remain No. 1 in chips: A14, A13, A12 nodes from 2028

Taiwan Semiconductor Manufacturing Company (TSMC) has once again provided an outlook on its plans for…

27 minutes ago

Apple iPad Mini 8 with OLED screen probably coming in autumn

The iPad Mini could soon see notable innovations for the first time in years. According…

1 hour ago

Pixel 11 Pro Fold Leak: Expected function appears to be missing

A current leak shows Google's upcoming folding smartphone in a new color variant. In addition…

1 hour ago

Tesla to introduce a bike, but not in the way you might think

The car manufacturer Tesla has brought a new two-wheeler onto the market. However, this is…

1 hour ago

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

17 hours ago