This kind of PLATYPUS is not a sweet and unusual mammal, this is a security problem recently announced that affects Intel across server, desktop and laptop CPUs. Along with a long list of other Intel issues that went public today (there's like 40 of them…), PLATYPUS is one that's gaining some attention and came with its own fancy website.
PLATYPUS (Power Leakage Attacks: Targeting Your Protected User Secrets) is a way to exploit the unprivileged access to the Intel RAPL (Running Average Power Limit) interface exposing the processor's power consumption to infer data and extract cryptographic keys. Physical access is not required the researchers say, so it's quite a concerning one.
You can check out these two videos they released to explain it a little:
Here's some more information from the website setup for PLATYPUS:
With classical power side-channel attacks, an attacker typically has physical access to a victim device. Using an oscilloscope, the attacker monitors the energy consumption of the device. With interfaces like Intel RAPL, physical access is not required anymore as the measurements can be accessed directly from software. Previous work already showed limited information leakage caused by the Intel RAPL interface. Mantel et al. showed that it is possible to distinguish if different cryptographic keys have been processed by the CPU. Paiva et al. established a covert channel by modulating the energy consumption of the DRAM.
Our research shows that the Intel RAPL interface can be exploited in way more threatening scenarios. We show that in addition to distinguishing different keys, it is possible to reconstruct entire cryptographic keys. We demonstrate this by recovering AES keys from the side-channel resilient AES-NI implementation, as well as RSA keys from an Intel SGX enclave. In addition, we distinguish different Hamming weights of operands or memory loads, threatening constant-time implementations of cryptographic algorithms. To mitigate PLATYPUS, the unprivileged access to the energy consumption has been revoked with an update to the operating system. With Intel SGX, however, a compromised operating system is within the threat model, rendering this mitigation insufficient. Therefore, Intel released microcode updates that change the way the energy consumption is reported if Intel SGX is enabled on the system. Instead of actual energy measurements, it falls back to a model-based approach, such that same instructions with different data or operands can not be distinguished.
Who is behind PLATYPUS? Various developers at Graz University of Technology, CISPA Helmholtz Center for Information Security and the University of Birmingham including: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella and Daniel Gruss.
Are you directly affected? Well it goes all the way back to Sandy Bridge (2011), so have a look at the list of what's affected which can be found here. Intel released microcode updates to affected processors and for Linux there's been security updates to help with it. As always, ensure you're up to date everywhere possible.
The research does mention that other vendors are affected too like AMD from the Zen architecture onwards, but it appears limited to AMD Rome CPUs. ARM and NVIDIA too are possible as they all have these features available but the main testing has been done against Intel for now.