Intel and AMD processors are at risk against the new Hertzbleed attack

June 17, 2022
Intel AMD Processors Digital Risk Hertzbleed Cyberattack Side Channel

Remote threat operators can now execute a new side-channel attack tracked as Hertzbleed. They use the new attack vector to exfiltrate full cryptographic keys in affected CPUs through observing their frequency variations enabled by DVFS or dynamic voltage and frequency scaling.

According to the security analysts, the new side-channel attack is highly effective on modern Intel and AMD x86 processors since the DVFS is dependent on the power consumption and processed data. DVFS helps adjust a computer processor’s power and speed settings, which is vital in reducing power consumption and optimising its efficiency.

 

The new Hertzbleed side-channel attack allows threat operators to steal unsecured cryptographic keys remotely.

 

As a serious threat to the security of cryptographic software, the new Hertzbleed attack can be turned into timing attacks against modern x86 processors, which omits the need for power measurement tools such as DVFS. Furthermore, it could also demonstrate how cryptographic codes are still prone to be leaked despite being executed properly through remote timing analysis.

Despite the threat of the new side-channel attack, representatives from Intel and AMD state that there is no need to release fixes for the vulnerability. According to an Intel senior, the attack is not considered practical “outside of a lab environment,” but it could be an interesting case to study for research.

Studies on the attack suggest that both affected vendors’ products are at risk of being compromised, including desktops, smartphones, Chromebooks, and CPUs. Nonetheless, the two software firms had released guidance for the developers to help strengthen their machines against the new Hertzbleed attack and frequency throttling information disclosure.

Some of the information included in the released guidance was the use of masking or key-rotation in mitigating the leakages resulting from the Hertzbleed attacks. It would also be effective for users to disable the frequency boost feature; however, most analysts do not suggest this since it could significantly impact a processor’s performance.

About the author

Leave a Reply