Reading time: ~2 m
Researchers have discovered a vulnerability in the central processors of Intel and AMD, through which attackers can get to the cryptographic keys
Scientists from the University of Texas at Austin, the University of Illinois at Urbana-Champaign and the University of Washington claim that attackers can use a vulnerability called “Hertzleed” to gain access to private keys in cryptographic libraries.
The problem was found on Intel chips for desktops and laptops from the 8th to the 11th generation based on the Core microarchitecture, as well as on AMD Ryzen chips based on the Zen 2 and Zen 3 architecture. The vulnerability was reported by the computer department of Tom’s Hardware.
At the beginning of the year, Intel introduced its own processor for cryptocurrency mining.
Hertzbleed is a new type of side-channel attack based on the features of dynamic frequency control (hence the name: Hertz and bleed ). Here’s what the study says:
“In the worst case, these attacks allow access to cryptographic keys on remote servers by analyzing computation time in cryptographic libraries. Previously, such libraries were considered to be protected from hacking. “
The Hertzbleed attack analyzes the dynamic frequency under different workloads and cracks the cipher by brute-force and manipulating the ciphertext.
Dynamic Frequency and Voltage Scaling (DVFS) is a feature that helps reduce power consumption. However, attackers can calculate the difference in power consumption by analyzing the server’s response time to specific requests.
“Hertzbleed is a real and practical security threat,” the researchers noted.
In 2020, the editors of BeInCrypto reported a vulnerability in the SGX extension on Intel processors, which also leads to attacks through third-party channels and hacking of encrypted keys.
How to protect yourself
Intel and AMD do not currently plan to deploy any firmware patches to protect against Hertzleed, however, there are measures that users can take on their own.
Chipmakers advise disabling dynamic frequency control to protect themselves from Hertzbleed. On Intel processors, it is called Turbo Boost, and on AMD – Turbo Core or Precision Boost. The company is confident that this measure will not affect the performance of the processor.
According to senior director of public relations and incident response, Jerry Bryant, this attack has no practical application outside the lab, as it will take an hour or even days to steal the keys. He also added that “cryptographic solutions that are protected from attacks based on third-party power analysis are not affected by this vulnerability.”
All information contained on our website is published in good faith and objectivity and for informational purposes only. The reader is solely responsible for any actions taken on the basis of information received on our website.
#Vulnerability #Intel #AMD #chips #crack #crypto #keys