Strategy, Threat intelligence

Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

March 8, 2021
Security researchers from the University of Illinois at Urbana-Champaign are raising the alarm over a new type of side-channel attack targeting Intel processors, which can enable threat actors to steal passwords, encryption keys and other types of sensitive information, according to Threatpost. A key feature of this new attack is its targeting of the CPU ring interconnect feature in modern Intel CPUs, including the Skylake and Coffee Lake processor families, instead of deploying traditional methods such as sharing memory and cache sets. The researchers said this new channel of attack appears difficult to perform because of the sparse information available on the ring interconnect’s functioning and architecture, and the “noisy” nature of data gathered through ring contention. According to researchers, the attack can successfully overcome some side-channel countermeasure that have been introduced previously. The researchers, who are scheduled to present their findings at USENIX Security 2021, said they were able to develop two proof-of-concept attacks, one that extracts “key bits” from vulnerable RSA and Edwards-curve Digital Signature Algorithm encryption algorithm implementations, and another that targets keystroke timing information.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad