"CPU Security Loophole: Analysis of Energy Consumption Allows Data Theft"
Central Processing Units (CPUs) are designed to run multiple applications simultaneously, which is advantageous for productivity, but poses a security risk. By analyzing the processor's energy consumption, researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel technique named "Collide+Power" that enables attackers to read data from the memory of CPUs. The adversary stores a data package on a CPU segment in this attack. In the second phase, malicious code causes the attacker's data to be overwritten with the targeted data. This overwriting consumes power, and the greater the difference between the two data packages, the more power is consumed. The process is repeated thousands of times, each time with minimally different attacker data packages to be overwritten. The targeted data package can be derived from the variations in power consumption that occur throughout this process. This article continues to discuss the novel security gap in all common CPUs that is difficult to mitigate.