Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks [thehackernews]

A new research has yielded yet another means to pilfer sensitive data by exploiting what’s the first “on-chip, cross-core” side-channel in Intel Coffee Lake and Skylake processors.

Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August.

While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs (e.g., Meltdown and Spectre), the new attack leverages a contention on the ring interconnect.

SoC Ring interconnect is an on-die bus arranged in a ring topology which enables intra-process communication between different components (aka agents) such as the cores, the last level cache (LLC), the graphics unit, and the system agent that are housed inside the CPU. Each ring agent communicates with the ring through what’s called a ring stop.