oh my word CrossTalk is sweet af ?
— Ian Coldwater ?? (@IanColdwater) June 9, 2020
the first cross-core attack using transient execution!
more info here: https://t.co/527aJi6QBv
whitepaper here: https://t.co/bFT62pY8zC
There was an embargo for 600+ days on #SRBDS, due to the difficulty of implementing a fix for the cross-core vulnerabilities.
— Andreas Schilling (@aschilling) June 10, 2020
Intel deep dive: https://t.co/UR9PTBaHls
Affected CPUs: https://t.co/h0tf99m7hB https://t.co/uxiZMnyqhk
Up to now side channel attacks were limited to one CPU core. With Special Register Buffer Data Sampling aka #CrossTalk some instructions can make access to off-core memory and in combination with RIDL gives access to data across several cores.https://t.co/VtKDa3I30a pic.twitter.com/cxO5SEoxzJ
— Andreas Schilling (@aschilling) June 10, 2020
“the staging buffer contains sensitive data, including the output of the hardware digital random number generator...this vuln can be exploited against victim apps running in Intel SGX secure enclaves...can leak the private key of a secure enclave running on a separate CPU core” https://t.co/hhjcU87rBM
— Liz Rice ?? (@lizrice) June 10, 2020
.@signalapp and @chainlink among many others promise "confidential computing" because of Intel's SGX's enclaves.
— Nelson Ijih (@NelsonIjih) June 10, 2020
Now they're in trouble
Perhaps, specially dedicated enclaves in systems(one not integrated into CPU) may be a better alternative for homomorphic encryption https://t.co/hsXI56yVM0
“See https://t.co/x0Oo1sYJn3 for complete ready-to-run PoCs” - those 10 words a girl longs to hear.
— Tinker Fairy (@TinkerFairy_Net) June 10, 2020
Bravo, @vu5ec https://t.co/stRMFuQUdE
New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs #security #cybersecurity https://t.co/MyCBMI7au4
— Paula Piccard ?️? ?? ?? (@Paula_Piccard) June 10, 2020
Academics have detailed today a new vulnerability named CrossTalk that can be used to leak data across Intel CPU coreshttps://t.co/tatrG5eSkn pic.twitter.com/T4gtObkAXz
— Catalin Cimpanu (@campuscodi) June 9, 2020
Intel security is not the best and many still buying and using them? https://t.co/jW12NH89EA
— KaZen (@Kaz9837) June 9, 2020
Academics detail a new vulnerability named CrossTalk that can be used to leak data across Intel CPU cores. New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs... via @zdnet #infosec #tech #TuesdayTravel https://t.co/BaiNKEovXv
— AJ Durling (@Gurgling_MrD) June 9, 2020
New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs https://t.co/qPSdHHdHRo by @campuscodi
— ZDNet (@ZDNet) June 9, 2020
CrossTalk is another vulnerability part of the MDS class of transient execution side-channel attacks
— Catalin Cimpanu (@campuscodi) June 9, 2020
CrossTalk attacks a previously undocumented "staging buffer" shared by all CPUs, and used by the Line Fill Buffer (LBF) of each core.https://t.co/tatrG5eSkn pic.twitter.com/dY3kkXEARR
It never ceases to amaze me at how Intel repeatedly understates the severity of these attacks. This cycle of breaking over and over again should make it clear that SGX can only be used as a secondary security mechanism. https://t.co/sOgmFpz4Mu
— Yehuda Lindell (@LindellYehuda) June 9, 2020
Good article from @dangoodin001 on the two new Intel vulnerabilities, CrossTalk and SGAxe. https://t.co/d8bxvxBsDU
— Matthew Green (@matthew_d_green) June 9, 2020
Dont believe everything Intel tells you about securityhttps://t.co/XGT0BCRy5t
— KaZen (@Kaz9837) June 9, 2020
New CrossTalk Attack Impacts Intel's Mobile,Desktop, Server CPUs: https://t.co/hFiJxxwCv8 https://t.co/pnHTZ6cVsA
— Binni Shah (@binitamshah) June 10, 2020
List of vuln. Intel CPUs: https://t.co/4NMUnZu3hV
CrossTalk leaking SGX key across CPU cores in 1 sec: https://t.co/JFagAimC5X
Paper: https://t.co/WybBFQAYGG
CrossTalk was discovered in September 2018, but was patched this month via microcode updates Intel-SA-00320.
— Catalin Cimpanu (@campuscodi) June 9, 2020
Intel calls it "Special Register Buffer Data Sampling" or SRBDS: https://t.co/6YeCcOfinJ
See the SRBDS column in this table for affected CPUs: https://t.co/opMYFJi0xc pic.twitter.com/Gwm0DehIOu
New SGAxe attack steals protected data from Intel SGX enclaves
— Frank (@jedisct1) June 9, 2020
https://t.co/1QYq3ae0ta
S. van Schaik et al., "SGAxe: How SGX Fails in Practice" [...we retrieve the secret attestation key used for cryptographically proving the genuinity of enclaves over the network, allowing us to pass fake enclaves as genuine…]https://t.co/reSthnHDVt #PDF
— Arrigo Triulzi (@cynicalsecurity) June 10, 2020
New cross-core side channel attack on Intel CPUs
— Roman Semenov ?️ ? (@semenov_roman_) June 10, 2020
> In particular, our end-to-end exploit can leak the entire private key of a secure enclave running on a separate CPU core after only a single digital signature operation.https://t.co/fDx2EizEHI
oh my word CrossTalk is sweet af ?
— Ian Coldwater ?? (@IanColdwater) June 9, 2020
the first cross-core attack using transient execution!
more info here: https://t.co/527aJi6QBv
whitepaper here: https://t.co/bFT62pY8zC
After being embargoed for >21 months we (@vu5ec @noopwafel and I) present #CrossTalk (#SRBDS CVE-2020-0543) the first #MDS cross-core attack which leaks data from an offcore staging buffer shared across cores on many #Intel CPUs. Check out https://t.co/ln5j3o8dph for more details pic.twitter.com/iYA3GIywhG
— Hany Ragab (@hanyrax) June 9, 2020
Introducing #CrossTalk (#SRBDS), the first #MDS cross-core attack which can leak stale data from an offcore staging buffer shared across cores. See https://t.co/dwMPb7C0Xb where we also show how to leak #Intel #SGX enclave private keys across cores in 1s with just 1 signature: pic.twitter.com/dGFDPVoW8z
— VUSec (@vu5ec) June 9, 2020
Other info
— Catalin Cimpanu (@campuscodi) June 9, 2020
CrossTalk website: https://t.co/paObh6XC24
PoC: https://t.co/8CQTyoTL5L (see cpuid_leak and rdrand PoCs)
Technical paper [PDF]: https://t.co/sZBL2Y2Dbh
CrossTalk's CVE is CVE-2020-0543 pic.twitter.com/4b4SQDEsAY
“See https://t.co/x0Oo1sYJn3 for complete ready-to-run PoCs” - those 10 words a girl longs to hear.
— Tinker Fairy (@TinkerFairy_Net) June 10, 2020
Bravo, @vu5ec https://t.co/stRMFuQUdE
https://t.co/PZdaKTa1BG has our results - https://t.co/J6myFKwxVm might also be of interest. (we're still trying to keep https://t.co/oyXSc1Cdaw up-to-date with all of these attacks, although the timeline is getting longer and longer..)
— Alyssa Milburn (@noopwafel) June 9, 2020