Moritz Lipp and Daniel Gruss of the Graz University of Technology, together with Michael Schwarz of the CISPA Helmholtz Center for Information Security, have identified a new attack method. The same researchers previously identified the Meltdown and Spectre flaws, which opened the door to a slew of further side-channel attacks aimed at widely used chips.
These side-channel attacks generally allow a malicious program running on the targeted device to take advantage of CPU flaws in order to read potentially sensitive information, such as passwords and encryption keys, from memory belonging to other applications.
Many of the side-channel attacks disclosed in recent years have targeted Intel processors, but as the recently published research shows, AMD chips are not immune. Lipp, Gruss, and Schwarz's novel attacks rely on timing and power measurements of prefetch instructions.
The researchers explained in their paper that in contrast to earlier work on Intel prefetch attacks, the prefetch instruction on AMD exposes significantly more information.
They presented a novel approach for building a covert channel to exfiltrate data and demonstrated several attack scenarios, including one in which they mounted a Spectre attack to leak confidential information from the operating system.
In addition, the researchers claim to have discovered the first complete microarchitectural KASLR (Kernel Address Space Layout Randomization) break on AMD that works on all major operating systems. KASLR is an exploit mitigation, and the researchers showed how an attacker could defeat it on laptops, desktop PCs, and cloud-based virtual machines.
AMD was notified of the findings in mid- to late 2020, acknowledged them, and provided feedback in February 2021. AMD assigned the flaws the identifier CVE-2021-26318 and a medium severity rating.
Although the problem affects all of its processors, the chipmaker is not recommending any additional mitigations, since the attacks described in the research do not directly leak data across address space boundaries.
In general, AMD's advice repeats its standard recommendations for preventing side-channel attacks – keeping operating systems, software, and firmware up to date – and adhering to secure coding practices.
Lipp confirmed that mitigations for the attacks they outlined already exist, but pointed out that not all of them are enabled by default on AMD CPUs. He believes their current study reveals some intriguing characteristics of AMD CPUs that will lead to further research into side-channel attacks in the future.