From 73d51bae522bf8f40cc5d2bfb018aa4b3aa9cec1 Mon Sep 17 00:00:00 2001 From: nopeitsnothing Date: Wed, 9 Aug 2023 12:39:33 -0400 Subject: [PATCH 1/2] Detail new architectural CPU bug "Downfall" Attacks (#324) --- guide.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guide.md b/guide.md index 4dffe5b..b1e4a81 100644 --- a/guide.md +++ b/guide.md 
@@ -12412,6 +12412,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte - [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. - [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. - [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. +- [Downfall](https://downfall.page/) [[Archive.org]](https://web.archive.org/web/20230809145002/https://downfall.page/) - Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques exploit the **gather** instruction to steal information from [SIMD register buffers](https://en.wikipedia.org/wiki/Single_instruction,_multiple_data) and victim processes. # Appendix B6: Warning for using Orbot on Android 
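Review bot: the new Downfall entry never says which CPUs are affected, while the neighbouring SQUIP entry names "All of AMD's Zen CPUs" and Retbleed is tied to retpoline-era speculative execution; a reader scanning the list cannot tell whether this applies to their hardware. Suggest stating the vendor in the entry, e.g. "exploit the **gather** instruction on Intel CPUs to steal information ...", and noting that this is a transient-execution side channel addressed by a microcode update, since the commit subject's "architectural CPU bug" wording suggests a design flaw rather than a microarchitectural leak. The entry's wording also blurs the two techniques: GDS leaks data from the SIMD registers of other processes, whereas GVI is the injection variant, so "steal information ... and victim processes" reads as if both do the same thing.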
From 6f87ca203502e9eb49d18f84ec7be40c8aa46185 Mon Sep 17 00:00:00 2001 From: nopeitsnothing Date: Wed, 9 Aug 2023 13:04:14 -0400 Subject: [PATCH 2/2] Detail Inception and Phantom attacks (#325) --- guide.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guide.md b/guide.md index b1e4a81..f506dd8 100644 --- a/guide.md +++ b/guide.md 
@@ -12413,6 +12413,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte - [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. - [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. - [Downfall](https://downfall.page/) [[Archive.org]](https://web.archive.org/web/20230809145002/https://downfall.page/) - Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques exploit the **gather** instruction to steal information from [SIMD register buffers](https://en.wikipedia.org/wiki/Single_instruction,_multiple_data) and victim processes. +- [Phantom, Inception](https://comsec.ethz.ch/research/microarch/inception/) - Attacks that leak arbitrary data using seemingly "phantom" instructions on AMD Zen CPUs; "[making] it take wrong actions based on supposedly self conceived experiences", an allusion to the film of the same name. # Appendix B6: Warning for using Orbot on Android
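Review bot: the Phantom/Inception entry is the only item in this list without an `[[Archive.org]](...)` snapshot link; every other entry, including the Downfall line added in the previous patch, carries one. Suggest adding an archive link for https://comsec.ethz.ch/research/microarch/inception/ to keep the list consistent. The description also conflates the two names: Phantom is the speculation primitive (the CPU speculating on an instruction that does not exist) and Inception is the attack that builds on it to leak data from AMD Zen CPUs, so "seemingly 'phantom' instructions" would read more accurately as "Phantom speculation, where the CPU speculatively executes instructions that are not there, which Inception uses to leak arbitrary data". The film quote adds little to a technical reference list and could be dropped or shortened to the one-line summary.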