New side-channel attack could compromise CPUs

Almost all modern CPUs could be compromised with the novel Collide+Power side-channel attack to facilitate data leaks, according to SecurityWeek. Researchers at the Graz University of Technology and CISPA Helmholtz Center for Information Security reported that Collide+Power, tracked as CVE-2023-20583, involves the use of shared CPU components that allow threat actors to acquire passwords, encryption keys, and other sensitive information. Different side-channel signals are also strengthened by the Collide+Power attack, which researchers said is aimed at the CPU memory subsystem and uses power consumption signals to change controlled data. Collide+Power was also found to have two variants, one of which requires hyperthreading. "The victim constantly reloads the secret into the targeted and shared CPU component during this process. An attacker running on a thread on the same physical core can now use Collide+Power to force collisions between the secret and attacker-controlled data," said researchers, who added that the odds of potential in-the-wild exploitation are low.