Wednesday, June 15th 2022

"Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

In 2017, the semiconductor world was shocked to discover new vulnerabilities in modern Intel, AMD, and Arm processors. Dubbed Spectre and Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Today, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly called "Heartzbleed," the new exploit can steal secret AES cryptographic keys when observing CPU's boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload's power varies according to the processor's frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 AMD CPUs. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.
Sources: Hertzbleed, Intel
Add your own comment

15 Comments on "Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

#1
ncrs
At the same time Intel processors have received another batch of mitigations for the MMIO Stale Data vulnerabilities affecting CPUs from Haswell to Rocket Lake families which potentially affect performance as well.
Posted on Reply
#3
Vayra86
Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.
Posted on Reply
#4
r9
Vayra86Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.
Posted on Reply
#5
LabRat 891
Who'd've Imagined, having an all-core 24x7 OC become a 'security mitigation'?
Posted on Reply
#6
Denver
It seems that it is quite difficult for someone to be affected by this vulnerability under normal conditions.
Posted on Reply
#7
Aquinus
Resident Wat-man
AleksandarKAdditionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys.
Hours to days to steal a key? That doesn't sound practical at all. In fact, this sounds like a vulnerability found with AI under controlled conditions, which is not a realistic vector for attack.
Posted on Reply
#8
P4-630
AleksandarKIntel and AMD will offer microcode mitigations that should prevent this type of exploit from executing successfully.
This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," Intel's Senior Director of Security Communications and Incident Response Jerry Bryant said.

However, both vendors provide guidance [1, 2] on how developers can harden their software against frequency throttling information disclosure.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.




www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus/
Posted on Reply
#9
Steevo
This is close to an attacker can keylog a user based on the sound of the keys being depressed. Or an attacker with binoculars can observe your browsing habits while blinds are open.
Posted on Reply
#10
R0H1T
Vayra86Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.
Um no o_O

Posted on Reply
#11
Tomorrow
P4-630This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," Intel's Senior Director of Security Communications and Incident Response Jerry Bryant said.

However, both vendors provide guidance [1, 2] on how developers can harden their software against frequency throttling information disclosure.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.




www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus/
Yep. Several typos in this news post. Its Hertzbleed not Heartzbleed and they will release patches.
Posted on Reply
#12
P4-630


Intel's mitigation includes software fixes for any code that is susceptible to enabling a power side-channel attack — the company is not deploying firmware fixes. AMD is also not issuing a microcode patch. However, as you can see in the table above, some of the mitigation techniques do have a 'high' impact on performance. This varies by technique and whether or not it can be accomplished in hardware or software, or a combination of both.

www.tomshardware.com/news/intel-amd-hertzbleed-cpu-vulnerability-boost-clock-speed-steal-crypto-keys
Posted on Reply
#13
ncrs
P4-630This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.
While not for Hertzbleed Intel has released microcode updates for the MMIO Stale Data vulnerabilities which can affect performance, especially virtualization.
From Intel's site the MCU Update 2022.1 is available for INTEL-SA-00615 and INTEL-SA-00645.
Maybe this is the source of confusion ;)
Posted on Reply
#14
ThrashZone
Hi,
VM features I already leave disabled so no big deal
As far as other performance hits, well just like all other exploits I'd hope an update of this little jewel would kill those implementations to.

GRC | InSpectre
Posted on Reply
#15
fb020997
ThrashZoneHi,
VM features I already leave disabled so no big deal
As far as other performance hits, well just like all other exploits I'd hope an update of this little jewel would kill those implementations to.

GRC | InSpectre
I always use it on my PCs, too!
Posted on Reply
Add your own comment
Dec 25th, 2024 23:48 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts