
"Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

AleksandarK

News Editor
Staff member
Joined
Aug 19, 2017
Messages
2,667 (0.99/day)
In 2017, the semiconductor world was shocked to discover new vulnerabilities in modern Intel, AMD, and Arm processors. Dubbed Spectre and Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Today, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly called "Heartzbleed," the new exploit can steal secret AES cryptographic keys when observing the CPU's boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload's power varies according to the processor's frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by the Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 AMD CPUs. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.


 
Joined
Jun 29, 2018
Messages
544 (0.23/day)
At the same time Intel processors have received another batch of mitigations for the MMIO Stale Data vulnerabilities affecting CPUs from Haswell to Rocket Lake families which potentially affect performance as well.
 
Joined
Sep 17, 2014
Messages
22,722 (6.05/day)
Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.
 

r9

Joined
Jul 28, 2008
Messages
3,300 (0.55/day)
Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.
1655293370440.png
 
Joined
Apr 18, 2019
Messages
2,401 (1.15/day)
Who'd've Imagined, having an all-core 24x7 OC become a 'security mitigation'?
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,171 (2.79/day)
Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys.
Hours to days to steal a key? That doesn't sound practical at all. In fact, this sounds like a vulnerability found with AI under controlled conditions, which is not a realistic vector for attack.
 
Joined
Jan 5, 2006
Messages
18,584 (2.68/day)
Intel and AMD will offer microcode mitigations that should prevent this type of exploit from executing successfully.

This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," Intel's Senior Director of Security Communications and Incident Response Jerry Bryant said.

However, both vendors provide guidance [1, 2] on how developers can harden their software against frequency throttling information disclosure.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.




 
Last edited:
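An added example, not part of the original thread or of AMD's guidance: a sketch of the "masking" countermeasure named in the post above, under an assumed Hamming-weight leakage model (power tracks the number of set bits in the data being handled). All function names are hypothetical.

```python
# Added illustration: first-order Boolean masking under a Hamming-weight
# leakage model. The model and every name here are teaching assumptions.
import secrets

def hw(x):
    """Hamming weight: number of set bits, a common proxy for data-dependent power."""
    return bin(x).count("1")

def mask(key_byte):
    """Split a secret byte into two shares (m, key ^ m) using a fresh random mask."""
    m = secrets.randbits(8)
    return m, key_byte ^ m

def masked_xor(shares, public_byte):
    """Compute key ^ public on the shares; the bare key is never reassembled."""
    m, masked = shares
    return m, masked ^ public_byte

def unmask(shares):
    """Recombine the shares; done only on the final, non-secret-revealing result."""
    m, masked = shares
    return m ^ masked

def mean_leak_unmasked(key_byte):
    """Modelled leakage when the key byte is handled directly: it tracks the key."""
    return float(hw(key_byte))

def mean_leak_masked(key_byte):
    """Modelled leakage of both shares, averaged exactly over all 256 masks."""
    total = sum(hw(m) + hw(key_byte ^ m) for m in range(256))
    return total / 256

def leak_table(keys):
    """Map each key byte to (unmasked leakage, masked leakage)."""
    return {k: (mean_leak_unmasked(k), mean_leak_masked(k)) for k in keys}

if __name__ == "__main__":
    # Constructed sample key bytes with low, medium and high Hamming weight.
    for k, (plain, masked) in leak_table([0x00, 0x0F, 0xFF]).items():
        print(f"key={k:#04x} unmasked={plain:.1f} masked={masked:.1f}")
```

The masked average is the same for every key byte, which is the first-order property masking provides. It holds only while the shares are processed separately with a fresh mask per operation.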
Joined
Nov 4, 2005
Messages
12,019 (1.72/day)
This is close to an attacker can keylog a user based on the sound of the keys being depressed. Or an attacker with binoculars can observe your browsing habits while blinds are open.
 
Joined
Aug 21, 2013
Messages
1,942 (0.47/day)
This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," Intel's Senior Director of Security Communications and Incident Response Jerry Bryant said.

However, both vendors provide guidance [1, 2] on how developers can harden their software against frequency throttling information disclosure.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.




Yep. Several typos in this news post. It's Hertzbleed not Heartzbleed and they will release patches.
 
Joined
Jan 5, 2006
Messages
18,584 (2.68/day)
Screenshot 2022-06-15 152441.png


Intel's mitigation includes software fixes for any code that is susceptible to enabling a power side-channel attack — the company is not deploying firmware fixes. AMD is also not issuing a microcode patch. However, as you can see in the table above, some of the mitigation techniques do have a 'high' impact on performance. This varies by technique and whether or not it can be accomplished in hardware or software, or a combination of both.

 
Joined
Jun 29, 2018
Messages
544 (0.23/day)
This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.
While not for Hertzbleed, Intel has released microcode updates for the MMIO Stale Data vulnerabilities, which can affect performance, especially virtualization.
From Intel's site the MCU Update 2022.1 is available for INTEL-SA-00615 and INTEL-SA-00645.
Maybe this is the source of confusion ;)
 
Joined
Feb 20, 2020
Messages
9,340 (5.27/day)
Hi,
VM features I already leave disabled so no big deal
As far as other performance hits, well just like all other exploits I'd hope an update of this little jewel would kill those implementations too.

GRC | InSpectre
 
Joined
Feb 24, 2020
Messages
97 (0.05/day)
Hi,
VM features I already leave disabled so no big deal
As far as other performance hits, well just like all other exploits I'd hope an update of this little jewel would kill those implementations too.

GRC | InSpectre
I always use it on my PCs, too!
 