Brief #12: Intel's Downfall CPU Flaw, Tesla's Jailbreak and More

Mandos Brief, Week 32 2023: Intel's "Downfall" vulnerability, Tesla's unpatchable infotainment jailbreak, North Korea's cyber espionage on Russia and more.

Acoustic Side-Channel Attacks Can Decipher Keystrokes with Unprecedented Accuracy

A groundbreaking study by researchers has unveiled a novel acoustic side-channel attack capable of deciphering laptop keystrokes with an astonishing 95% accuracy. This attack leverages deep learning and is executed by recording keystrokes using a nearby phone. When the model was trained using keystrokes recorded via the video conferencing platform Zoom, the accuracy slightly decreased to 93%, setting a new benchmark for the medium. 

Side-channel attacks, which exploit the physical effects observed during data processing, pose significant threats to user privacy and security. Such attacks could be weaponized by adversaries to extract passwords and other confidential information. The researchers emphasized the widespread nature of keyboard acoustic emanations, which are often overlooked by users. For instance, while many individuals shield their screens when typing passwords, they rarely take measures to mask their keyboard sounds. 

The study involved experiments using 36 keys of an Apple MacBook Pro, with each key pressed 25 times. The recorded data was then transformed into a mel-spectrogram, which was subsequently used to train a deep learning model named CoatNet. As a preventive measure against such attacks, the researchers suggest altering typing styles, using randomized passwords, and incorporating randomly generated fake keystrokes, especially during voice calls.

Intel's "Downfall" Vulnerability: A Deep Dive into CPU Security Concerns

A recent revelation in the world of cybersecurity has unveiled a significant vulnerability in Intel's CPUs, aptly named "Downfall." Discovered by a senior research scientist at Google, this flaw affects a broad range of Intel microprocessor families. The crux of the vulnerability lies in its ability to exploit a transient execution side-channel issue, impacting processors based on Intel microarchitectures from Skylake through Ice Lake.

The primary concern with Downfall is its potential to steal sensitive data. Attackers can exploit this flaw to access passwords, encryption keys, and even private data like emails and banking information. The vulnerability takes advantage of the "gather" instruction, a feature in Intel processors designed to speed up data access. However, this same feature can inadvertently leak the content of the internal vector register file during speculative execution.

The implications of this vulnerability are vast, especially considering the widespread use of Intel processors in various devices. While Intel has been proactive in releasing fixes, the sheer number of affected devices makes patching a significant endeavor. 
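For defenders the practical question is whether a given Linux host already carries the microcode fix. The shell function below is an added example, not code from the brief or from Intel; it reads the kernel's own status export for Downfall (known in the kernel as gather data sampling, GDS) and the loaded microcode revision, and both paths can be overridden so the check can be unit-tested against constructed sample files.

```shell
# Report the kernel's Downfall / GDS mitigation status from sysfs.
# Usage: gds_status [vulnerabilities_dir]
# Prints one of: mitigated | vulnerable | not-affected | unknown
# Exit code: 0 = safe, 1 = vulnerable, 2 = cannot tell (old kernel, no entry)
gds_status() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    f="$dir/gather_data_sampling"
    # Kernels that predate the GDS advisory have no such file: report unknown
    # rather than silently treating the host as safe.
    [ -r "$f" ] || { echo unknown; return 2; }
    status="$(cat "$f")"
    case "$status" in
        Mitigation:*)   echo mitigated;    return 0 ;;
        "Not affected") echo not-affected; return 0 ;;
        Vulnerable*)    echo vulnerable;   return 1 ;;
        *)              echo unknown;      return 2 ;;
    esac
}

# Print the loaded microcode revision (the value the vendor fix changes), so a
# fleet audit can record which hosts still run pre-fix microcode.
# Usage: cpu_microcode [cpuinfo_file]
cpu_microcode() {
    awk -F': ' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# Stand-alone use: one line per host, suitable for running over ssh and
# collecting the exit codes.
gds_audit() {
    printf '%s gds=%s microcode=%s\n' "$(hostname)" "$(gds_status)" "$(cpu_microcode)"
}
```

Sample status strings below are constructed to follow the kernel's reporting format; the values on a real host come from the running kernel and microcode.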

North Korea Targets Russian Missile Engineering Firm

SentinelLabs recently uncovered a significant cybersecurity breach involving North Korea's infiltration of the Russian defense industrial base, specifically targeting a missile engineering organization named NPO Mashinostroyeniya. The investigation identified two distinct instances of compromise. 

The first was a direct attack on the organization's email server, which researchers attribute to the North Korean-affiliated threat actor known as ScarCruft. 

The second intrusion involved a Windows backdoor named "OpenCarrot", which is linked to the notorious Lazarus Group. While the exact relationship between these two threat actors remains unclear, the dual attacks suggest a coordinated effort or potential sharing of resources. 

The targeted organization, NPO Mashinostroyeniya, is a leading Russian manufacturer of missiles and military spacecraft, holding confidential intellectual property on missile technology. The nature of the attack and the entities involved underscore the strategic importance of the compromised data and the broader implications for global cybersecurity.

Windows Defender Vulnerability Allows Attackers to Hijack Update Process

In April 2023, Microsoft patched a vulnerability in Windows Defender that could allow attackers to hijack its signature update process. This flaw, discovered by researchers at SafeBreach, could be exploited to sneak malware into systems that Windows Defender is supposed to protect. 

The researchers also found that they could manipulate Windows Defender to delete signatures of known threats and even benign files, leading to potential denial-of-service conditions on compromised systems. To demonstrate the severity of this vulnerability, the researchers developed an automated tool called "WDpretender." This tool was designed to exploit each of the identified attack vectors. Microsoft acknowledged the vulnerability and assigned it the identifier CVE-2023-24934, subsequently releasing a fix in April. 

The research was inspired by the sophisticated Flame cyberespionage campaign from 2012, where attackers inserted themselves into the Windows update process to deliver malware. The SafeBreach team aimed to replicate a similar attack without the complexities seen in the Flame campaign.

Tesla's Unpatchable Infotainment Jailbreak: Unlocking Paid Features and More

A team of security researchers, including three PhD students from Germany, has unveiled a groundbreaking discovery: a persistent jailbreak for Tesla's current AMD-based vehicles. This revelation was made public ahead of their scheduled presentation at BlackHat 2023. The jailbreak exploits a known hardware vulnerability within the media control unit (MCU), granting unauthorized access to critical systems that manage in-car purchases. This could potentially deceive the car's system into believing that certain features, which usually require payment, have already been paid for.

Tesla's advanced car computers, known for their integration of everything from entertainment to autonomous driving capabilities, are now also used for in-car purchases. These range from connectivity enhancements to physical features like faster acceleration or rear heated seats. The newly discovered attack can extract a vehicle-specific cryptographic key, essential for authentication within Tesla's service network. Alarmingly, this attack is considered "unpatchable" for current vehicles. This is because the vulnerability doesn't target a Tesla component directly but the embedded AMD secure processor within the MCU. The researchers have leveraged low-cost, off-the-shelf hardware to execute this attack, emphasizing its accessibility. The specifics of the attack will be detailed in the upcoming BlackHat presentation.
