
Performance and security clash yet again in “Collide+Power” attack – Naked Security

Another week, another BWAIN! For those who are unfamiliar with the term, BWAIN stands for Bug With An Impressive Name. It refers to the practice of giving new cybersecurity attacks catchy names, registering domain names for them, creating custom websites, and designing logos. In the latest discovery, the attack has been named Collide+Power, which includes a pesky punctuation character that caused some domain name registration issues. Despite the abbreviated domain name, the website provides an overview of the problem at hand.

The researchers behind this new cybersecurity attack are from Graz University in Austria and the CISPA Helmholtz Center for Information Security in Germany. While the technical details of this attack are complex, the core issue is related to cache memory in modern processor chips. Cache memory is designed to provide a performance boost by storing frequently accessed data values from conventional RAM. However, this memory can sometimes leak its content to processes that should not have access to it.

Cache memory is faster to access than data in motherboard RAM, but it is not under direct control of the programmer. The CPU decides which data values to cache and when to replace them. This means that even admin-level programs cannot directly access or manipulate the cached data. Instead, programmers still use machine code instructions to read data from specific RAM addresses, and the operating system determines whether access is granted based on the RAM address.

The researchers behind Collide+Power discovered that while they couldn’t directly access the temporary data in cache storage, they could make inferences about the data values by measuring the power consumption of the CPU during the process of overwriting cached values. The power consumption depends on the number of bits changed between the old and new values. By monitoring the power usage accurately enough, the researchers could determine the number of flips and infer the starting values of those bits. This allowed them to predict the likely new values in the cache, even if they couldn’t access the exact data being used.
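To make that leakage model concrete, here is an added simulation written for this article (not the researchers' code, and not a real power measurement): the "power" reading is modelled as the number of bits that flip when a cached word is overwritten, plus optional Gaussian noise, and the recovery loop shows both why flip counts alone reveal the original bits and why measurement noise forces many repeated readings per bit, which is the practical limitation the article points to. The secret value, noise level and sample counts are constructed.

```python
import random

WIDTH = 64  # bits per word in this constructed model


def bit_flips(old: int, new: int) -> int:
    """Leakage model from the article: overwriting a cached value costs
    power roughly in proportion to the number of bits that change."""
    return bin(old ^ new).count("1")


def make_noisy_oracle(secret: int, sigma: float, seed: int = 0):
    """Constructed stand-in for a power reading: the flip count for
    overwriting `secret` with `chosen`, plus Gaussian noise of width
    `sigma`. The caller never sees `secret` directly."""
    rng = random.Random(seed)

    def oracle(chosen: int) -> float:
        return bit_flips(secret, chosen) + rng.gauss(0.0, sigma)

    return oracle


def recover_secret(oracle, width: int = WIDTH, samples: int = 1) -> int:
    """Infer the original word from flip counts alone.

    Writing all zeros costs HW(secret) flips. Writing a single 1 at
    bit i costs one flip more than that if the secret bit was 0, and
    one flip fewer if it was already 1. Each probe is averaged over
    `samples` readings; with noisy readings a single sample per probe
    is not enough, which is why such attacks leak only a few bits per
    hour in practice."""
    def avg(chosen: int) -> float:
        return sum(oracle(chosen) for _ in range(samples)) / samples

    baseline = avg(0)
    recovered = 0
    for i in range(width):
        if avg(1 << i) < baseline:  # fewer flips: the bit was already 1
            recovered |= 1 << i
    return recovered
```

With no noise every bit is recovered from 65 readings; with noise of width 0.8 the same loop needs roughly 200 readings per probe to be reliable, and a single reading per probe gets many bits wrong.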

While this vulnerability, known as CVE-2023-20583, is unlikely to be used against individuals in the near future, it is a theoretical concern that chip manufacturers need to consider. The researchers assure readers that there is no immediate need to panic. In their experiments, they found that under ideal conditions, the attack leaked just 5 bits per hour. The practical limitations of the attack make it less of an immediate threat.

In conclusion, the Collide+Power attack highlights the potential vulnerabilities in cache memory in modern processor chips. While the technical details are complex, the core issue is that the contents of cached data can sometimes be inferred by processes that should not have access to them. This vulnerability is more of a theoretical concern for chip manufacturers to address than an immediate threat to individuals. Nevertheless, it serves as a reminder of the ongoing need for cybersecurity vigilance.
