Prevent a lateral channel attack
Introduction
The threats on the network are varied. One of them is the lateral channel attack, capable of exploiting vulnerabilities located in hardware components. This type of attack has become a vulnerability of growing importance in multinuk platforms and cloud environments. It also takes advantage of information output patterns, electrical emissions, energy amounts and clicks of a keyboard.
In this article we will explain what a side channel attack is and how to avoid it. It is based on information obtained, thanks to the physical implementation of a computer system. Get data without the need to enter the system. An attacker could control the amount of energy that a component is using to see what he is doing.
Developing
In the case of sounds, a cybercrime can listen to audio patterns that come from a device and use those results to obtain information. If you monitor the electromagnetic waves issued by the devices, you can decipher what that equipment is doing exactly. Specter, Meltdown and other vulnerabilities that affect microprocessors, for example, take advantage of a lateral channel attack based on processing time.
Within them, attackers can use a range of side channels, such as the heat that the device generates, the energy it consumes, or the execution time. The attacks are also based on synchronization and can use it when, on a processing system, the attacker manages to introduce his own code or use interactions with the system between existing applications. For network systems, attacks that are based on synchronization, for being more viable.
For example, systems that use memory caches could be particularly vulnerable to time -based attacks, because this causes a difference in the performance of a given code section. The acoustic analysis occurs when a computer pirate listens to the audio patterns of a device and uses the results to meet the information.
Listening to the phone marking tone or pressing the buttons would be an acoustic attack. Some studies have been carried out that prove the viability of an acoustic attack. Electromagnetic analysis monitors waves issued by devices. From this information, an attacker can decipher what the device is doing. At least, you can know if there is a device nearby;For example, you can use a phone to find hidden surveillance cameras.
Nvidia GPUS are vulnerable to lateral channel attacks. Security researchers at the University of California in Riverside, have discovered that lateral channel attacks are not limited to processors, they can also be applied to NVIDIA GPUS. These attack can be used to steal passwords, monitor web activity and break cloud -based services.
The first attack tracks the user activity on the web. In the second attack, the authors were able to extract users from users. Every time the user writes a character, the entire password text box is loaded in the GPU as a texture to represent. The third attack points to a computational application in the cloud. The attacker launches a malicious workload in the GPU that operates together with the victim’s application.
The attacker uses the classification based on automatic learning in the traces of the performance counter to extract the secret neuronal network structure of the victim, such as the number of neurons in a specific layer of a deep neuronal network. Nvidia was informed of the findings and is working on a patch that offers administrators the option to disable access to processes performance counters at the user level.
It is essential that you always protect your systems, that you avoid being victims of the lateral channel attack that may compromise your privacy. Avoiding this type of attack is not simple, since equipment needs energy or sound. However you can always prevent a computer pirate from carrying out its attack. For that you can count on security tools and keep the antivirus correctly updated.
conclusion
You must also have the latest installed versions and all available patches. Thanks to these security updates you can prevent failures from being exploited and putting your safety at risk. Cybercounts are often going to need the user’s interaction to carry out their attacks. They will need to make some mistake to exploit it. Therefore, common sense must be something that is always present.
Experts point out that as the equipment becomes more complex, and if the industry continues to prioritize the performance of safety, the side channels will continue to appear.That is why computers manufacturers, monitor accidental information gaps from their products, publishing updates to hide the data that are exposed in lateral channel attacks or to make them more difficult to decipher.
Leave feedback