Recently Moritz Lipp and fellow researchers have discovered a new power-side channel attack, which was named Platypus. Platypus utilizes power sensors inside every modern CPU core to extract secrets from that core. This way, a process running on a CPU can spy on other processes in that core, regardless of whether the processes are in the secure enclave (like SGX) or not. Normally power sensors are accessed by an operating system to make decisions about performance and battery life. This research shows that these sensors have sufficient resolution to leak both symmetric and asymmetric keys.
Although the research itself is focused on specific Intel, AMD and ARM CPUs, there is no reason to believe that the attack is restricted to only these platforms. If the system has power sensors and the attacker is able to access them, the keys that the system is trusted with may be susceptible to the Platypus attack. The attacker would first need to load the (potentially unprivileged) code on the CPU, after which the attacks can be performed remotely.
For Intel platforms, a microcode patch is available that is intended to mitigate leakage from a secure enclave (SGX) by decoupling what the sensors report from actual power consumption. There is also a patch for Linux that disallows non-root processes from accessing the power sensor. If you use a core that has a power sensor but is not mentioned here, inquire with your manufacturer directly, or otherwise investigate whether that core is susceptible.
At Riscure, we can determine whether your product is vulnerable to Platypus, and to define a workable Platypus remediation strategy. Contact us at inforequest@riscure.com.
Check out other posts of Riscure Security Highlights.