Threat Signal Report

PLATYPUS ATTACK - Newly Disclosed Software-Based Power Consumption Side-Channel Attack

Description

Researchers at Graz University of Technology (TU Graz), together with CISPA and the University of Birmingham, published a paper on a new software-based side-channel attack, dubbed PLATYPUS, tracked as CVE-2020-8694 and CVE-2020-8695. The attack affects Intel server, desktop, and laptop CPUs. The weakness lies in the Intel Running Average Power Limit (RAPL) interface: its energy counters are precise enough to distinguish the instructions and data a processor is working on. On Linux, an unprivileged attacker can read these counters to leak cryptographic keys from the most protected areas of the CPU, Intel SGX enclaves, and from the operating-system kernel. The attack is novel because earlier power-analysis attacks required physical access to the machine and external measurement equipment; PLATYPUS needs only software access to the RAPL counters. The Linux powercap framework exposes those counters to unprivileged users by default, so exploitation is possible from an ordinary user account. On Windows and macOS, the counters are reachable only through the Intel Power Gadget driver, so an attacker there must already be a privileged user.


What are the Technical Details of the Exploit?

According to the paper, an unprivileged attacker can:

  • Leak AES-NI keys from Intel SGX enclaves and the Linux kernel space;
  • Break kernel address-space layout randomization (KASLR);
  • Infer secret instruction streams; and
  • Establish a timing-independent covert channel.
The paper also demonstrates a privileged attack: using precise execution control over an SGX enclave, the authors recover RSA private keys from mbed TLS running inside the enclave. The unprivileged variant exists only on Linux, where the RAPL counters are readable without root.


What does RAPL stand for?

Running Average Power Limit (RAPL) is an Intel processor feature that lets software monitor the energy consumption of the CPU package, cores, and DRAM through per-domain energy counters, and set power limits for those domains. Operating systems expose the counters to software: Linux through the powercap framework under /sys/class/powercap, Windows and macOS through the Intel Power Gadget.


What Products Are Affected?

Intel has confirmed a list of affected CPUs in its advisory INTEL-SA-00389, "2020.2 IPU - Intel® RAPL Interface Advisory"; that list is reproduced in the APPENDIX. The authors disclosed their findings to AMD and Arm as well, but had not received an official statement from either at the time of writing.


What Operating Systems Are Affected?

Linux, macOS, and Windows operating systems running affected Intel processors.


By default, on Linux, unprivileged users can read the Intel RAPL energy counters through the powercap framework's sysfs interface. On Windows and macOS, the counters are reachable only through the Intel Power Gadget, which must be installed by a privileged user; this makes exploitation harder, since the attacker must already hold administrative rights on the machine.
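The following script is an added illustration of the Linux exposure described above; it is not code from the PLATYPUS paper, from Intel, or from any kernel vendor. It checks whether a host still lets unprivileged users read the RAPL energy counters (the kernel fix for CVE-2020-8694 restricts the energy_uj attributes to root) and shows the measurement primitive those counters give an attacker: the energy drawn while a piece of code runs. It assumes the Linux powercap sysfs layout, /sys/class/powercap/intel-rapl:<n>[:<m>]/ with the attributes name, energy_uj and max_energy_range_uj; the function names and the sample workload are this example's own.

```python
"""rapl_check.py - is this Linux host exposed to software RAPL reads, and
what does such a read give an attacker?

Added example for this report, not code from the PLATYPUS paper or any
vendor.  It assumes the Linux powercap sysfs layout:
    /sys/class/powercap/intel-rapl:<n>[:<m>]/{name,energy_uj,max_energy_range_uj}
where energy_uj is a monotonic microjoule counter that wraps to zero at
max_energy_range_uj.
"""
import stat
from pathlib import Path

POWERCAP_ROOT = Path("/sys/class/powercap")


def rapl_domains(root=POWERCAP_ROOT):
    """RAPL domain directories (package, core, uncore, dram) under root."""
    if not root.is_dir():
        return []
    return sorted(p for p in root.iterdir() if p.name.startswith("intel-rapl"))


def exposed_counters(root=POWERCAP_ROOT):
    """energy_uj counters whose permission bits let group or others read them.

    The kernel fix for CVE-2020-8694 changes these attributes from 0444 to
    0400, so a patched host returns an empty list.  Mode bits are inspected
    rather than attempting an open(), so the answer is the same whether the
    check runs as root or as a normal user.
    """
    exposed = []
    for dom in rapl_domains(root):
        counter = dom / "energy_uj"
        if counter.exists() and counter.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH):
            exposed.append(counter)
    return exposed


def read_uj(path):
    """Read one sysfs attribute holding an integer microjoule value."""
    return int(Path(path).read_text().strip())


def energy_delta_uj(domain, before, after):
    """Microjoules consumed between two counter readings.

    The counter wraps to zero at max_energy_range_uj; a naive subtraction
    across a wrap would come out negative, so the range is added back.
    """
    if after >= before:
        return after - before
    return after + read_uj(domain / "max_energy_range_uj") - before


def measure_energy(fn, domain, *args):
    """Run fn(*args) and return (fn's result, microjoules drawn by `domain`).

    This is the measurement primitive PLATYPUS builds on: the attacker never
    touches the victim, it only samples the counter before and after the
    victim code runs.  Here the "victim" runs in the same process for
    simplicity; the paper's attacker samples while another context executes.
    """
    before = read_uj(domain / "energy_uj")
    result = fn(*args)
    after = read_uj(domain / "energy_uj")
    return result, energy_delta_uj(domain, before, after)


if __name__ == "__main__":
    hits = exposed_counters()
    if not hits:
        print("no group/world-readable RAPL counters found (patched kernel, or no RAPL)")
    for counter in hits:
        name = (counter.parent / "name").read_text().strip()
        print(f"EXPOSED: {counter} ({name})")
    if hits:
        # Sample workload (this example's own): energy for a CPU-bound loop.
        _, uj = measure_energy(lambda: sum(i * i for i in range(2_000_000)), hits[0].parent)
        print(f"loop drew {uj} uJ from {hits[0].parent.name}")
```

Run it as an ordinary user on a host before and after applying the kernel update: an unpatched kernel lists every package, core and DRAM domain as EXPOSED and reports a plausible energy figure for the loop; a patched kernel lists nothing, and an attempt to read energy_uj from the same account fails with permission denied.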


Is Remote Exploitation Possible?

Not directly. PLATYPUS is a local attack: the attacker must run code on the target host to sample the RAPL counters while the victim executes. A remote attacker can only reach that position by chaining PLATYPUS with another vulnerability or with malware that provides code execution, which is the same precondition earlier software side-channel attacks such as Spectre and Meltdown carry.


What is the Status of AV and IPS coverage?

AV and IPS coverage is not feasible for this event: the attack is a side channel, not a malformed input, so there is no file or network traffic to match a signature against. Remediation relies on CPU microcode updates and on operating-system patches (on Linux, restricting read access to the powercap energy counters to root). For a list of mitigation recommendations, along with links to the respective vendor pages, please see the "What Mitigation is Available?" section below and the APPENDIX section.


How Serious of a Vulnerability is this?

MEDIUM. Exploitation requires some sophistication (the attacker must already run code on the host, and recovering a key takes many repeated measurements), so it is not considered easily exploitable. Intel has stated publicly that it has not seen any evidence of in-the-wild (ITW) attacks related to PLATYPUS.


Is this from the Same Authors of Meltdown and Spectre?

Yes. The work comes from the same institution (TU Graz) and includes researchers who authored the 2018 Meltdown and Spectre papers.


What are the CVSS Scores for each CVE Assignment?

CVE-2020-8694 (insufficient access control in the Linux powercap driver, allowing an unprivileged local user to read the RAPL counters)

CVSS Base Score: 5.6 Medium


CVE-2020-8695 (observable discrepancy in the RAPL interface of affected Intel processors, allowing a privileged local user to infer secrets)

CVSS Base Score: 5.3 Medium


What Mitigation is Available?

Microsoft, in cooperation with Intel, has released microcode updates addressing CVE-2020-8695 (Intel Running Average Power Limit (RAPL) Interface) for Windows 10, versions 2004 and 20H2, and Windows Server, versions 2004 and 20H2.


For Linux, users should visit their distribution vendor's security pages and install the available kernel and microcode updates. The upstream kernel fix for CVE-2020-8694 makes the powercap energy counters readable by root only, which removes the unprivileged attack vector; follow the vendor's suggested mitigation where a kernel update is not yet available.


For macOS and Windows users, it is suggested that they uninstall the Intel Power Gadget, if feasible, as this removes the only software path to the RAPL counters on those platforms. Users should also regularly check their BIOS and hardware manufacturers' security update pages for further guidance, as each vendor will have a specific approach to this disclosure.


Definitions

Traffic Light Protocol

Each entry below gives the color, when it should be used, and how it may be shared.

TLP: RED

Not for disclosure, restricted to participants only.
Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.

TLP: AMBER

Limited disclosure, restricted to participants’ organizations.
Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.

TLP: GREEN

Limited disclosure, restricted to the community.
Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.

TLP: WHITE

Disclosure is not limited.
Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.