A new side-channel attack Hertzbleed affects Intel and AMD CPUs

The new attack allows the remote attackers to steal full cryptographic keys

The flaw impacts cryptographic algorithmSecurity vulnerabilities allow the attacker to steal cryptographic keys

Hertzbleed provides criminals the opportunity to steal keys by observing variations in CPU frequency enabled by the dynamic voltage and frequent scaling. The newly discovered security vulnerability in modern Intel and AMD processors allows attackers to steal encryption keys via the power side-channel attack.[1]

The vulnerability was named Hertzbleed by researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington. The team revealed during the discovery that the issue is rooted in the dynamic voltage and frequency scaling, power, and thermal management feature employed to conserve power and limit the amount of heat that the chip generates.[2]

The major problem is that under particular circumstances periodic CPU frequency adjustments depend on the current CPU power consumption. These adjustments directly translate to the execution time differences, according to researchers.[3]

In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.

Attackers can leverage the execution time variations

The security vulnerabilities in Intel and AMD products can have significant consequences. These attackers can leverage the execution time versions and extract sensitive data like cryptographic keys. Advisories have been released from both companies. These were responses to the findings. Patches have not been released, however.

It is worrisome because Hertzbleed is a real and practical threat to the security of cryptographic software. It shows that power side-channel attacks can be turned into remote timing attacks. This lifts the need for any power measurement interface.

The vulnerability affects a cryptographic algorithm, but developers can apply countermeasures to the software code of the algorithm. This way it is possible to mask, hide or rely on key-rotation for the proper mitigation of the cyber attack.[4] Unfortunately, code can still leak via remote timing analysis, so the issue remains.

No patches are available for the time being

The vulnerability affects all Intel processors and can be exploited remotely. Even though the company addressed the flaw causing high-complexity attacks that are not requiring users' interaction or threat actors with high privileges, patches are not released. It seems that nor Intel nor AMD are planning to release them any time soon.[5] Intels' officials state that this is a flaw that is not practical outside of a lab and research environment.

Hertzbleed affects several AMD products like mobile, Chromebook, desktop, and server CPUs using the Zen 2 and Zen 3 microarchitecture. Processors from other vendors such as ARM that use the frequency scaling feature can also be affected by the flaw.

As the security vulnerability research team notes, disabling the frequency boost feature can mitigate the Hertzbleed attacks, in most cases. These frequency boost features are named the Turbo Boost on intel and Turbo Core or Precision Boost on AMD CPUs.

Eeven though this disabling can prevent data leakage via this security flaw, it is not recommended to rely on this solution because performance can be significantly affected. Especially, when Intel reports that the attack still can happen when the Turbo Boost feature is disabled. Try to look for the updates from developers and rely on their tips to harden the libraries and applications against throttling information disclosure.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References
Files
Software
Compare