Researchers have discovered a vulnerability in Intel and AMD central processing units ,CPU) can be used by malicious actors to access cryptographic keys.
According to researchers from the University of Texas Austin, the University of Illinois at Urbana-Champaign, and the University of Washington, a vulnerability in CPUs called “HertzBleed” could allow “side-channel attacks” that could steal cryptographic keys.
CPUs from both chip giants Intel and AMD are affected. These include Intel desktop and laptop models from the eighth to 11th generation Core microarchitecture and AMD Ryzen chips desktop and laptop models from the Zen 2 and Zen 3 microarchitectures.
The vulnerability was reported by computer hardware outlet Tom’s Hardware. Intel and AMD have both issued advisories regarding this issue.
Hertzbleed is a new type of side-channel attack called frequency side channel (hence the name Hertz and bleeding data). According to the research paper on the attack:
“Worst case scenario, these attacks could allow an attacker to extract cryptographic keys from remote servers that were previously considered secure.”
The Hertzblade attack looks at the power signature of any cryptographic workload and uses it to steal data. As reported by Tom’s Hardware, this power signature varies due to the CPU’s dynamic boost clock frequency adjustments during workloads.
Dynamic Voltage and Frequency Scaling (DVFS) is a feature of modern processors used to reduce power consumption, so the vulnerability is not a bug.
Attackers can predict changes in power consumption by monitoring the time taken by the server to answer specific queries.
“Hertzbleed is a real and practical threat to the security of cryptographic software,” the researchers said.
in 2020, Happen[In]crypto reported the discovery of a flaw in Intel’s SGX (Software Guard Extension) that could lead to side-channel attacks and compromised crypto keys.
Is there a work around?
Intel and AMD have no current plans to deploy any firmware patches to mitigate Hertzbleed that can be exploited remotely, however, there are workarounds.
According to the chip companies, the solution to reducing hertzbleeds is to disable frequency boost. For Intel CPUs the feature is called “Turbo Boost”, and for AMD chips it is known as “Turbo Core” or “Precision Boost”. However, this is likely to affect processor performance, he noted.
According to Jerry Bryant, Intel’s senior director of security communications and incident response, this attack is not practical outside of a laboratory environment, partly because it takes “hours to days” to steal a cryptographic key. He added that “cryptographic implementations that are hardened against power side-channel attacks are not vulnerable to this issue.”