posted by Fnord666 on Monday June 22 2020, @10:52AM
from the An-ear-to-the-wall dept.

What Is a Side Channel Attack?:

Modern cybersecurity depends on machines keeping secrets. But computers, like poker-playing humans, have tells. They flit their eyes when they've got a good hand, or raise an eyebrow when they're bluffing—or at least, the digital equivalent. And a hacker who learns to read those unintended signals can extract the secrets they contain, in what's known as a "side channel attack."

Side channel attacks take advantage of patterns in the information exhaust that computers constantly give off: the electric emissions from a computer's monitor or hard drive, for instance, that emanate slightly differently depending on what information is crossing the screen or being read by the drive's magnetic head. Or the fact that computer components draw different amounts of power when carrying out certain processes. Or that a keyboard's click-clacking can reveal a user's password through sound alone.

[...] For a sufficiently clever hacker, practically any accidental information leakage can be harvested to learn something they're not supposed to. As computing gets more complicated over time, with components pushed to their physical limits and throwing off unintended information in all directions, side channel attacks are only becoming more plentiful and difficult to prevent. Look no further than the litany of bugs that Intel and AMD have struggled to patch over the last two years with names like Meltdown, Spectre, Fallout, RIDL, or Zombieload—all of which used side channel attacks as part of their secret-stealing techniques.

The most basic form of a side channel attack might be best illustrated by a burglar opening a safe with a stethoscope pressed to its front panel. The thief slowly turns the dial, listening for the telltale clicks or resistance that might hint at the inner workings of the safe's gears and reveal its combination. The safe isn't meant to give the user any feedback other than the numbers on the dial and the yes-or-no answer of whether the safe unlocks and opens. But those tiny tactile and acoustic clues produced by the safe's mechanical physics are a side channel. The safecracker can sort through that accidental information to learn the combination.

[...] Attacks like Spectre and Meltdown left firms like Intel and other computer manufacturers in a cat-and-mouse game of chasing after their products' accidental information leaks, constantly releasing updates to hide data that's exposed in side channel attacks or pad it with other noise that makes it harder to decipher. As computers become more and more complex, and if the computing industry continues to prioritize performance over security, side channels will still appear, says Michigan's Genkin. In some cases like Spectre and Meltdown, researchers are even digging into years-old mechanics and pulling out secrets that were available for the taking all along—at least, for anyone who could decipher the accidental byproducts of a computer's processes.

"They were always there," says Genkin. "The reason you hear more and more about them is that as we dig further, we find more and more side channels to exploit. And as we find out just how bad they are, we are also learning how to defend against them."
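
The safe analogy above, as a small added example (not part of the quoted article or the SoylentNews story): a check meant to give only a yes-or-no answer, whose early exit reveals how many leading bytes of a guess were right, beside a hardened form. The combination, the function names and the step counter are constructed for illustration; the step count stands in for a measurable signal such as time or power.

```python
import hmac

SECRET = b"4-17-32-08"  # constructed sample combination, not from the article


def leaky_check(guess: bytes, secret: bytes = SECRET):
    """Early-exit compare. Returns (answer, steps); steps models the 'click'
    an observer can sense in addition to the yes/no answer."""
    steps = 0
    if len(guess) != len(secret):
        return False, steps
    for g, s in zip(guess, secret):
        steps += 1
        if g != s:
            return False, steps  # stops at the first wrong byte: the tell
    return True, steps


def hardened_check(guess: bytes, secret: bytes = SECRET):
    """Constant-work compare: every byte of the secret is examined whatever
    the guess, so the step count says nothing about the secret."""
    steps = 0
    diff = len(guess) ^ len(secret)
    for i in range(len(secret)):
        g = guess[i] if i < len(guess) else 0
        diff |= g ^ secret[i]  # accumulate differences, never branch on them
        steps += 1
    return diff == 0, steps


def production_check(guess: bytes, secret: bytes = SECRET) -> bool:
    """What real code should call: the standard library's constant-time compare."""
    return hmac.compare_digest(guess, secret)


def observable_spread(check, guesses):
    """Distinct side-channel observations over the wrong guesses.
    More than one distinct value means the check has a tell."""
    return sorted({check(g)[1] for g in guesses if not check(g)[0]})


# Constructed wrong guesses matching 0, 2, 5 and 9 leading bytes of SECRET.
GUESSES = [b"0-00-00-00", b"4-00-00-00", b"4-17-00-00", b"4-17-32-00"]

if __name__ == "__main__":
    print("leaky   :", observable_spread(leaky_check, GUESSES))
    print("hardened:", observable_spread(hardened_check, GUESSES))
```

The step counter is only a model of the leak; in Python the hand-written loop is not guaranteed constant-time on real hardware, which is why `hmac.compare_digest` is the call to use in practice.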


  • (Score: -1, Offtopic) by Anonymous Coward on Monday June 22 2020, @11:18AM

    by Anonymous Coward on Monday June 22 2020, @11:18AM (#1011042)

    Something to be explained to the know-all Millennials.
    Old geezers who bucked fetta? Not so much. Maaaybe to Runaway, but he's running linux, so slim chances that even he can derive a benefit from TFA.

    Seriously, eds, by triviality this story is an open invitation to GNAA comments.

  • (Score: 2) by driverless on Monday June 22 2020, @11:41AM (1 child)

    by driverless (4770) on Monday June 22 2020, @11:41AM (#1011043)

    These have been around for a long time. For example, say you're locked up in Alcatraz and you want to communicate with the guy in the cell next to you. So you're sitting there on your bed staring at the metal water pipe running from your cell into his when suddenly you leap up and hear the bedsprings creak. Eureka! By bouncing up and down on the bed you can creak out messages in Morse code!

    • (Score: 0) by Anonymous Coward on Monday June 22 2020, @04:12PM

      by Anonymous Coward on Monday June 22 2020, @04:12PM (#1011140)

      Information gained in this way has been a rich source of information and inspiration through the ages.

      "Knock three times on the ceiling if you want me,
      twice on the pipe, if the answer is no. . ."

  • (Score: 1) by shrewdsheep on Monday June 22 2020, @04:45PM

    by shrewdsheep (5215) Subscriber Badge on Monday June 22 2020, @04:45PM (#1011149)

    I think the poker-tell analogy is not bad. It seems to blur the definition in TFS later on, though. This would be my definition: A proper exploit is from the inside, i.e. running software on the computer (you have to get there via the network cable). A side-channel exploit is from the outside (you have to go there physically and you do not run software on the computer). Stare long enough at the computer until you know all its secrets. By this definition, Spectre and Meltdown would not be a side-channel exploit but a proper one. Certainly, combinations are thinkable.

  • (Score: 2) by TheReaperD on Monday June 22 2020, @04:48PM (4 children)

    by TheReaperD (5556) on Monday June 22 2020, @04:48PM (#1011151)

    If Intel tries to say that they couldn't have anticipated these kind of attacks on their processors... BULLSHIT! At my job at the time, I had a regular invitation to the Intel Developer Conference (I might be mangling the name of the conference as it was over 10 years ago) and the combination of the sales droids and an engineer were touting their great new remote management system called vPro. Since they had an actual engineer there, I asked him, in detail how the system worked. When he told me that the remote management engine was a system on chip (SoC) that was walled off from the regular processor functions that could even wake a computer from a power-off state and take admin control of the computer at privileges above ring 0 (WTF?!), I was more than a little alarmed. I asked him what were the security implications of having this SoC remote management system. He said there were no security implications because the user had no access to the SoC enclave. I told him that was utter and complete bullshit because, if there's any way of interacting with the enclave, there was a method for a bad actor to take advantage of it, and with the above ring 0 (highest security access ring built into the processor) privileges, you're just asking for an unmitigable attack from hackers. I flat out said, this was a really, really bad idea. He no longer wanted to talk to me and he and the sales droids avoided me the rest of the conference (and I was never invited back). I even went so far as to contact my former father-in-law who was a Premier Engineer at Intel at the time about my concerns. He was not involved in processor design at the time, but he agreed the concern was serious enough to take to his boss. He told me later that he was no longer able to discuss it with me. And, sure enough, vPro was launched, right on schedule. I recommended my employer switch to all AMD processors, at the time, due to this issue. 
    (Now AMD has something similar, but so far, it hasn't been hit as bad. I do not know how the AMD system works as I'm no longer in IT.)

    Now, this doesn't include anything about process speculation attacks as that was too low-level for me so, I missed that one. This is exclusively about the SoC enclave attacks that became possible when they released vPro.

    Disclaimers: I am not, nor have I ever been, an employee of Intel. I received this information at an Intel conference that was available for IT personnel and management of invited companies and government bodies at their Folsom, CA facility. I did not receive any private information that would not have been available to any other attendee of the conference, if they had asked. The Premier Engineer I mentioned did not discuss any Intel proprietary information or intellectual property with me, nor was he able to, as he was not a member of the processor design team at the time of vPro's development, nor did he speak of this issue after he said he was no longer able to discuss it. I do not know what, if any, conversations he had with Intel's management or what their content may have been. I do not, nor am I able to obtain, his permission to post any further information about him, as he is deceased. This is my own opinion of the security implications of the Intel vPro system based on the information available to me at the time. As I am not an Intel engineer, nor do I have access to Intel proprietary information or intellectual property, my view of this issue may be incomplete or inaccurate.

    --
    Ad eundum quo nemo ante iit
    • (Score: 2) by takyon on Monday June 22 2020, @05:06PM (2 children)

      by takyon (881) <{takyon} {at} {soylentnews.org}> on Monday June 22 2020, @05:06PM (#1011164) Journal

      Disclaimers: I

      It's too late, the assassins have already been dispatched.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by TheReaperD on Monday June 22 2020, @08:37PM (1 child)

        by TheReaperD (5556) on Monday June 22 2020, @08:37PM (#1011235)

        Actually, I welcome the assassins with open arms and firearms. It's the lawyers I want to keep off my lawn (housing prices would go to hell).

        --
        Ad eundum quo nemo ante iit
        • (Score: 0) by Anonymous Coward on Monday June 22 2020, @11:54PM

          by Anonymous Coward on Monday June 22 2020, @11:54PM (#1011315)

          No no, if Lawyers are congregating on your lawn, the prices aren't going to hell - you're in hell. The souls milling around include non-lawyers too if you take the time to look, just, few in comparison.

    • (Score: 0) by Anonymous Coward on Tuesday June 23 2020, @11:18AM

      by Anonymous Coward on Tuesday June 23 2020, @11:18AM (#1011505)

      It came out far too fast, it very rapidly went from its own 'secure' chip to blocking off bios rewriting from the end user without cryptographic signatures, neatly killing projects like coreboot, and it has proven itself susceptible to exactly the kind of dangers that make older hardware 'forced obsolescence' while also ensuring new hardware can't be trusted as safe out of the box. Combined with the EULA and telemetry Microsoft added to Windows 10, it looks more and more like a broad ranging information-gathering mechanism designed for one or more groups of special interests. Interests who are not in favor of plebeian control of their technology or understanding of its true operation.

  • (Score: 0) by Anonymous Coward on Monday June 22 2020, @04:53PM (3 children)

    by Anonymous Coward on Monday June 22 2020, @04:53PM (#1011152)

    I only pay a cursory amount of time on these stories, but the ones I recall all pretty much require the conditions to be very very restricted. You basically need to be within a few centimeters of the computer or something like that, and that these attacks "work" in the literal sense, but in a practical sense they don't have a shot.

    • (Score: 2) by Rupert Pupnick on Monday June 22 2020, @06:21PM (2 children)

      by Rupert Pupnick (7277) on Monday June 22 2020, @06:21PM (#1011191) Journal

      Agreed— for most of these overhyped side channel attacks (especially via the power supply) you need some serious instrumentation that would probably take up a lab cart or two. If you have that kind of access to a target system, you’ll get much better results just trying to go in the front door, so to speak.

      • (Score: 2) by TheReaperD on Monday June 22 2020, @08:40PM (1 child)

        by TheReaperD (5556) on Monday June 22 2020, @08:40PM (#1011238)

        Well, tricks like reading the sound waves from the power supply are mostly only for lab tests, the CIA and the KGB (oh, right, FSB). If you're not a target of one of the three, you can pretty much ignore this crap.

        --
        Ad eundum quo nemo ante iit
        • (Score: 0) by Anonymous Coward on Monday June 22 2020, @11:57PM

          by Anonymous Coward on Monday June 22 2020, @11:57PM (#1011316)

          Heartbleed & ilk actually impact many folks. Weaponization wasn't limited to state actors.

          (bah apparently this isn't long enough, or some other filter blocks post?)

  • (Score: 0) by Anonymous Coward on Monday June 22 2020, @04:53PM (2 children)

    by Anonymous Coward on Monday June 22 2020, @04:53PM (#1011153)

    it's funny how "computer security" gives "plausible deniability" to telepathy.
    before computers it was pretty obvious when someone was mind reading and the "psycorps" had to be careful.
    today (and in the future) however, the question "how did you know?" is answered with simple "the computer told me" and nobody is the wiser ...

    • (Score: 0) by Anonymous Coward on Monday June 22 2020, @06:26PM

      by Anonymous Coward on Monday June 22 2020, @06:26PM (#1011195)

      The only thing "funny" here is your post.

    • (Score: 2) by Azuma Hazuki on Tuesday June 23 2020, @02:34AM

      by Azuma Hazuki (5086) on Tuesday June 23 2020, @02:34AM (#1011401) Journal

      Shhhhh! I swear you're gonna get us all exposed one of these days. Loose lips psink pshyps, dammit.

      --
      I am "that girl" your mother warned you about...