In a recent study, researchers found a new way hackers can obtain information from Intel CPUs. The work is a combined effort by researchers from the Sapienza University of Rome, the Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services.
Researchers have dubbed the attack “ÆPIC Leak.” It is the first architectural-level vulnerability that hackers could leverage to steal sensitive information from a target’s computer. The researchers found that 10th, 11th, and 12th generation Intel CPUs improperly return stale data from the cache hierarchy due to an undefined range in the APIC MMIO.
How does ÆPIC Leak work?
The Advanced Programmable Interrupt Controller (APIC) is a component integrated into the CPU. It is responsible for generating, routing, and handling all the hardware interrupts in a manageable way. ÆPIC Leak takes advantage of this component’s xAPIC mode, which enables access to the APIC registers via a memory-mapped I/O (MMIO) page.
Hackers can take advantage of the system only if they have access to the administrator or root account, which is needed to reach the APIC MMIO page. Once that access has been established, the privileged attacker poses a risk to applications on the target device that use Intel Software Guard Extensions (SGX) technology, which is designed to protect data.
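As an added illustration (not code from the researchers or from Intel), the following C program decodes the IA32_APIC_BASE register to tell whether a CPU is running in xAPIC mode, the MMIO-based mode that ÆPIC Leak relies on. The bit layout follows Intel's architecture manual; the Linux `/dev/cpu/0/msr` device (root and the `msr` module required) and the sample register value are assumptions of the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define IA32_APIC_BASE_MSR 0x1B          /* MSR index of the APIC base register */
#define APIC_BASE_EXTD     (1ULL << 10)  /* x2APIC mode enable */
#define APIC_BASE_EN       (1ULL << 11)  /* APIC global enable */

enum apic_mode { APIC_DISABLED, APIC_XAPIC, APIC_X2APIC, APIC_INVALID };

/* Classify the APIC mode from the EN and EXTD bits. */
enum apic_mode decode_apic_mode(uint64_t msr)
{
    int en   = (msr & APIC_BASE_EN) != 0;
    int extd = (msr & APIC_BASE_EXTD) != 0;
    if (en && extd) return APIC_X2APIC;   /* registers reached via MSRs */
    if (en)         return APIC_XAPIC;    /* registers reached via MMIO page */
    if (extd)       return APIC_INVALID;  /* EXTD without EN is not a legal state */
    return APIC_DISABLED;
}

/* Physical address of the xAPIC MMIO page (bits 12 and up). */
uint64_t apic_mmio_base(uint64_t msr)
{
    return msr & 0x000FFFFFFFFFF000ULL;
}

int main(void)
{
    static const char *names[] = { "disabled", "xAPIC (MMIO)", "x2APIC", "invalid" };
    uint64_t msr = 0xFEE00900ULL;  /* constructed sample: BSP, enabled, xAPIC */
    int fd = open("/dev/cpu/0/msr", O_RDONLY);  /* assumption: Linux msr driver, CPU 0 only */

    if (fd >= 0) {
        if (pread(fd, &msr, sizeof msr, IA32_APIC_BASE_MSR) != (ssize_t)sizeof msr)
            perror("pread");  /* on failure the constructed sample is decoded */
        close(fd);
    } else {
        puts("msr device unavailable, decoding constructed sample value");
    }
    printf("IA32_APIC_BASE=0x%llx mode=%s mmio_base=0x%llx\n",
           (unsigned long long)msr, names[decode_apic_mode(msr)],
           (unsigned long long)apic_mmio_base(msr));
    return 0;
}
```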
How lethal is ÆPIC Leak?
Architectural-level cyberattacks are very rare. Most hackers try to retrieve information from their victims using cyberattack methods like phishing, malware, Denial-of-Service, and others. However, unlike these attacks and transient execution attacks like Meltdown and Spectre, ÆPIC Leak takes advantage of an architectural bug, which lets hackers extract sensitive data from a computer without relying on (noisy) side channels.
The researchers suggest that since administrator or root privileges are required for ÆPIC Leak to work, computers are safe from this architectural-level attack in most cases. However, computers relying on SGX to protect data are still prone to an ÆPIC Leak attack.