Intel CPUs plagued by security vulnerabilities side-channel attack - PLATYPUS

We lost count on the number of them, but researchers again discovered vulnerabilities in Intel CPUs. Fluctuations in software power consumption allowed them to access sensitive data. This type of attack is identified as PLATYPUS. The affected processors are all 6th Generation to present including the 11th Gen Comet Lake.

Recently, international security researchers, including a team of experts from the University of Birmingham, discovered a new security vulnerability in Intel processors that makes it possible to access sensitive data by leveraging the side channel to compromise system security. PLATYPUS attacks were difficult to execute as they required precise energy measurements that were difficult to execute with malware. That's why attackers were known to require physical access to the device, as well as specific measurement tools, such as an oscilloscope.

However, this changed after new research from the Graz University of Technology uncovered a method that makes it possible to access sensitive data using side-channel attacks with unprecedented precision, even without physical access.  In this way, Intel processors were found to be vulnerable to attack in two different approaches: configuring the RAPL (Running Average Power Limit) interface so that power consumption can be logged without administrator permissions; as well as moving critical data and programs through misuse of Intel's security feature, Software Guard Extensions ( SGX ).

After being informed and working on the issue, Intel released a security update (microcode) this month that also addresses other flaws for a large number of products. These security issues were found in Intel's Wi-Fi modules, Bluetooth and wireless network adapters, as well as the AMT remote management tool.

Intel released no less than 40 security advisories this week, all of them critical, high, and medium.