IdleLeak: Exploiting Idle State Side Effects for Information Leakage

Fabian Rauscher

Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Side-Channel Attacks

Fabian Rauscher's presentation at the NDSS Symposium introduces **IdleLeak**, a side-channel attack that exploits previously unexplored behaviors of modern CPU idle states. Modern processors incorporate sophisticated energy-management features that transition cores into various idle states, traditionally reachable only through privileged instructions such as `hlt`. Intel's recent **WAITPKG x86 ISA extension** changed this: it made two new sub-states of the C0 running state, **C0.1** and **C0.2**, accessible from user space via the `tpause` and `umwait` instructions. This unprivileged access expands the attack surface considerably, since an attacker can now enter or monitor CPU idle states without kernel privileges. IdleLeak shows how these seemingly innocuous power-saving features can be repurposed for significant information leakage.
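As an added illustration of the mechanism described above (example code written for this page, not code from the talk or the IdleLeak paper), the following C program checks whether the CPU reports WAITPKG via CPUID and, if so, issues an unprivileged `tpause` for each of the two sub-states and times it with `rdtsc`. It assumes an x86 machine with GCC or Clang (`<cpuid.h>`, `<x86intrin.h>`); `tpause` is emitted as raw bytes so the block assembles even without a WAITPKG-aware toolchain. On non-x86 builds it compiles to stubs that report the extension as absent.

```c
// Added example (not from the talk or paper): probe the WAITPKG extension and
// time user-space tpause requests for C0.1 and C0.2. Build: cc -O2 probe.c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>

/* CPUID.(EAX=7,ECX=0):ECX bit 5 reports WAITPKG (umonitor/umwait/tpause). */
int has_waitpkg(void) {
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx >> 5) & 1;
}

/* Pause until the TSC reaches deadline_tsc (EDX:EAX). Bit 0 of the register
 * operand picks the sub-state: 1 = C0.1 (fast wake-up), 0 = C0.2 (deeper,
 * slower wake-up). 66 0F AE F1 is the encoding of `tpause %ecx`. */
static inline void tpause(uint32_t hint, uint64_t deadline_tsc) {
    uint32_t lo = (uint32_t)deadline_tsc, hi = (uint32_t)(deadline_tsc >> 32);
    __asm__ volatile(".byte 0x66, 0x0f, 0xae, 0xf1"
                     : : "c"(hint), "a"(lo), "d"(hi) : "memory");
}

/* Returns -1 if WAITPKG is absent (tpause would raise #UD); otherwise 0 and
 * stores the observed elapsed TSC ticks. The wait can end early on an
 * interrupt or when the OS-configured maximum in IA32_UMWAIT_CONTROL expires,
 * so the observed value is not guaranteed to reach wait_cycles. */
int probe_tpause(int use_c01, uint64_t wait_cycles, uint64_t *elapsed) {
    if (!has_waitpkg())
        return -1;
    uint64_t start = __rdtsc();
    tpause(use_c01 ? 1u : 0u, start + wait_cycles);
    *elapsed = __rdtsc() - start;
    return 0;
}
#else
/* Non-x86 fallback: the extension cannot exist here. */
int has_waitpkg(void) { return 0; }
int probe_tpause(int use_c01, uint64_t wait_cycles, uint64_t *elapsed) {
    (void)use_c01; (void)wait_cycles; (void)elapsed;
    return -1;
}
#endif

int main(void) {
    uint64_t elapsed = 0;
    if (!has_waitpkg()) {
        puts("WAITPKG not reported by CPUID; tpause/umwait would #UD here");
        return 0;
    }
    /* Try the fast sub-state first, then the deeper one. */
    for (int c01 = 1; c01 >= 0; c01--) {
        probe_tpause(c01, 20000, &elapsed);
        printf("tpause C0.%d: requested 20000 ticks, observed %llu\n",
               c01 ? 1 : 2, (unsigned long long)elapsed);
    }
    return 0;
}
```

Two caveats for anyone reproducing the setting: the program runs entirely in ring 3, which is the point the talk makes about the enlarged attack surface, and on Linux the kernel's umwait driver exposes `/sys/devices/system/cpu/umwait_control/enable_c02` and `max_time` (backed by `IA32_UMWAIT_CONTROL`); those knobs cap the wait and can downgrade C0.2 requests to C0.1, but they do not make the instructions unavailable to user space.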
