Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

Security researchers from the University of Illinois at Urbana-Champaign are raising the alarm over a new type of side-channel attack targeting Intel processors, which can enable threat actors to steal passwords, encryption keys and other types of sensitive information, according to Threatpost. A key feature of this new attack is its targeting of the CPU ring interconnect feature in modern Intel CPUs, including the Skylake and Coffee Lake processor families, instead of deploying traditional methods such as sharing memory and cache sets. The researchers said this new channel of attack appears difficult to perform because of the sparse information available on the ring interconnect’s functioning and architecture, and the “noisy” nature of data gathered through ring contention. According to researchers, the attack can successfully overcome some side-channel countermeasure that have been introduced previously. The researchers, who are scheduled to present their findings at USENIX Security 2021, said they were able to develop two proof-of-concept attacks, one that extracts “key bits” from vulnerable RSA and Edwards-curve Digital Signature Algorithm encryption algorithm implementations, and another that targets keystroke timing information.