"Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

AleksandarK · Jun 15, 2022

In 2017, the semiconductor world was shocked to discover new vulnerabilities in modern Intel, AMD, and Arm processors. Dubbed Spectre and Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Today, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly called "Heartzbleed," the new exploit can steal secret AES cryptographic keys when observing CPU's boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload's power varies according to the processor's frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 AMD CPUs. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.

View at TechPowerUp Main Site | Source

ncrs · Jun 15, 2022

At the same time Intel processors have received another batch of mitigations for the MMIO Stale Data vulnerabilities affecting CPUs from Haswell to Rocket Lake families which potentially affect performance as well.

SOAREVERSOR · Jun 15, 2022

Here we go again.

Vayra86 · Jun 15, 2022

Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.

r9 · Jun 15, 2022

Vayra86 said:
Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.

LabRat 891 · Jun 15, 2022

Who'd've Imagined, having an all-core 24x7 OC become a 'security mitigation'?

Denver · Jun 15, 2022

It seems that it is quite difficult for someone to be affected by this vulnerability under normal conditions.

Aquinus · Jun 15, 2022

AleksandarK said:
Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys.

Hours to days to steal a key? That doesn't sound practical at all. In fact, this sounds like a vulnerability found with AI under controlled conditions, which is not a realistic vector for attack.

P4-630 · Jun 15, 2022

AleksandarK said:
Intel and AMD will offer microcode mitigations that should prevent this type of exploit from executing successfully.

This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," Intel's Senior Director of Security Communications and Incident Response Jerry Bryant said.

However, both vendors provide guidance [1, 2] on how developers can harden their software against frequency throttling information disclosure.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.

New Hertzbleed side-channel attack affects Intel, AMD CPUs

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).

www.bleepingcomputer.com

Steevo · Jun 15, 2022

This is close to an attacker can keylog a user based on the sound of the keys being depressed. Or an attacker with binoculars can observe your browsing habits while blinds are open.

R0H1T · Jun 15, 2022

Vayra86 said:
Hertzbleed.

Can we take a moment to appreciate the brilliance of that naming. This is better than AMD's 'Threadripper'.

Um no

Pikachu Detective Pikachu GIF - Pikachu Detective Pikachu Sad - Discover & Share GIFs

Tomorrow · Jun 15, 2022

P4-630 said:
This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," Intel's Senior Director of Security Communications and Incident Response Jerry Bryant said.

However, both vendors provide guidance [1, 2] on how developers can harden their software against frequency throttling information disclosure.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.

New Hertzbleed side-channel attack affects Intel, AMD CPUs

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).

www.bleepingcomputer.com

Yep. Several typos in this news post. Its Hertzbleed not Heartzbleed and they will release patches.

P4-630 · Jun 15, 2022

Intel's mitigation includes software fixes for any code that is susceptible to enabling a power side-channel attack — the company is not deploying firmware fixes. AMD is also not issuing a microcode patch. However, as you can see in the table above, some of the mitigation techniques do have a 'high' impact on performance. This varies by technique and whether or not it can be accomplished in hardware or software, or a combination of both.

Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys

Boost frequencies reveal timings, and thus secret keys

www.tomshardware.com

ncrs · Jun 15, 2022

P4-630 said:
This is what I read on other sites:

Intel and AMD are not planning to release patches.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

While not for Hertzbleed Intel has released microcode updates for the MMIO Stale Data vulnerabilities which can affect performance, especially virtualization.
From Intel's site the MCU Update 2022.1 is available for INTEL-SA-00615 and INTEL-SA-00645.
Maybe this is the source of confusion

ThrashZone · Jun 15, 2022

Hi,
VM features I already leave disabled so no big deal
As far as other performance hits, well just like all other exploits I'd hope an update of this little jewel would kill those implementations to.

GRC | InSpectre

fb020997 · Jun 16, 2022

ThrashZone said:
Hi,
VM features I already leave disabled so no big deal
As far as other performance hits, well just like all other exploits I'd hope an update of this little jewel would kill those implementations to.

GRC | InSpectre

I always use it on my PCs, too!

System Name	Tiny the White Yeti
Processor	7800X3D
Motherboard	MSI MAG Mortar b650m wifi
Cooling	CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory	32GB Corsair Vengeance 30CL6000
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Lian Li A3 mATX White
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	Steelseries Aerox 5
Keyboard	Lenovo Thinkpad Trackpoint II
VR HMD	HD 420 - Green Edition ;)
Software	W11 IoT Enterprise LTSC
Benchmark Scores	Over 9000

System Name	Primary\|Secondary\|Poweredge r410\|Dell XPS\|SteamDeck
Processor	i7 11700k\|i7 9700k\|2 x E5620 \|i5 5500U\|Zen 2 4c/8t
Memory	32GB DDR4\|16GB DDR4\|16GB DDR4\|32GB ECC DDR3\|8GB DDR4\|16GB LPDDR5
Video Card(s)	RX 7800xt\|RX 6700xt \|On-Board\|On-Board\|8 RDNA 2 CUs
Storage	2TB m.2\|512GB SSD+1TB SSD\|2x256GBSSD 2x2TBGB\|256GB sata\|512GB nvme
Display(s)	50" 4k TV \| Dell 27" \|22" \|3.3"\|7"
VR HMD	Samsung Odyssey+ \| Oculus Quest 2
Software	Windows 11 Pro\|Windows 10 Pro\|Windows 10 Home\| Server 2012 r2\|Windows 10 Pro

System Name	Sleepy Painter
Processor	AMD Ryzen 5 3600
Motherboard	Asus TuF Gaming X570-PLUS/WIFI
Cooling	FSP Windale 6 - Passive
Memory	2x16GB F4-3600C16-16GVKC @ 16-19-21-36-58-1T
Video Card(s)	MSI RX580 8GB
Storage	2x Samsung PM963 960GB nVME RAID0, Crucial BX500 1TB SATA, WD Blue 3D 2TB SATA
Display(s)	Microboard 32" Curved 1080P 144hz VA w/ Freesync
Case	NZXT Gamma Classic Black
Audio Device(s)	Asus Xonar D1
Power Supply	Rosewill 1KW on 240V@60hz
Mouse	Logitech MX518 Legend
Keyboard	Red Dragon K552
Software	Windows 10 Enterprise 2019 LTSC 1809 17763.1757

System Name	Apollo
Processor	Intel Core i9 9880H
Motherboard	Some proprietary Apple thing.
Memory	64GB DDR4-2667
Video Card(s)	AMD Radeon Pro 5600M, 8GB HBM2
Storage	1TB Apple NVMe, 4TB External
Display(s)	Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case	MacBook Pro (16", 2019)
Audio Device(s)	AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply	96w Power Adapter
Mouse	Logitech MX Master 3
Keyboard	Logitech G915, GL Clicky
Software	MacOS 12.1

System Name	AlderLake
Processor	Intel i7 12700K P-Cores @ 5Ghz
Motherboard	Gigabyte Z690 Aorus Master
Cooling	Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans
Memory	32GB DDR5 Corsair Dominator Platinum RGB 6000MT/s CL36
Video Card(s)	MSI RTX 2070 Super Gaming X Trio
Storage	Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2
Display(s)	23.8" Dell S2417DG 165Hz G-Sync 1440p
Case	Be quiet! Silent Base 600 - Window
Audio Device(s)	Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply	Seasonic Focus Plus Gold 750W
Mouse	Logitech MX Anywhere 2 Laser wireless
Keyboard	RAPOO E9270P Black 5GHz wireless
Software	Windows 11
Benchmark Scores	Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock

"Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

AleksandarK

News Editor

ncrs

SOAREVERSOR

Vayra86

r9

LabRat 891

Denver

Aquinus

Resident Wat-man

P4-630

New Hertzbleed side-channel attack affects Intel, AMD CPUs

Steevo

R0H1T

Tomorrow

New Hertzbleed side-channel attack affects Intel, AMD CPUs

P4-630

Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys

ncrs

ThrashZone

fb020997

System Name	Compy 386
Processor	7800X3D
Motherboard	Asus
Cooling	Air for now.....
Memory	64 GB DDR5 6400Mhz
Video Card(s)	7900XTX 310 Merc
Storage	Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s)	55" Samsung 4K HDR
Audio Device(s)	ATI HDMI
Mouse	Logitech MX518
Keyboard	Razer
Software	A lot.
Benchmark Scores	Its fast. Enough.

System Name	Ghetto Rigs z490\|x99\|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor	10900k w/Optimus Foundation \| 5930k w/Black Noctua D15
Motherboard	z490 Maximus XII Apex \| x99 Sabertooth
Cooling	oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block \| Blk D15
Memory	Trident-Z Royal 4000c16 2x16gb \| Trident-Z 3200c14 4x8gb
Video Card(s)	Titan Xp-water \| evga 980ti gaming-w/ air
Storage	970evo+500gb & sn850x 4tb \| 860 pro 256gb \| Acer m.2 1tb/ sn850x 4tb\| Many2.5" sata's ssd 3.5hdd's
Display(s)	1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case	D450 \| Cherry Entertainment center on Test bench
Audio Device(s)	Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply	EVGA 1000P2 with APC AX1500 \| 850P2 with CyberPower-GX1325U
Mouse	Redragon 901 Perdition x3
Keyboard	G710+x3
Software	Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores	Are in the benchmark section

System Name	AMDream v3.0
Processor	AMD Ryzen 7 9800X3D+TechN AM4
Motherboard	ASRock X870 Steel Legend WiFi
Cooling	2x240 slim rads, 1x420mm slim rad, 4xEK Vardar Evo RGB, 2x Arctic P14 PWM+ 1x slim, stock case fans
Memory	2x16GB Corsair Vengeance DDR5 6000 CL30 EXPO
Video Card(s)	AMD Radeon RX 7900XT Reference+Alphacool waterblock+Kryosheet
Storage	2TB Western Digital SN850X
Display(s)	Xiaomi Mi 2k Gaming Monitor 27” (1440p165 IPS)+Lenovo T22v-10+VESA arm
Case	Lian Li Lancool III White ARGB
Audio Device(s)	Bose Acoustimass 5 Series II speakers, Ayima A04 amp
Power Supply	Seasonic Focus GX-850
Mouse	Glorious Model D- Wired
Keyboard	Keychron K5 (white backlight, blue Gateron Low Profile switches)
Software	Windows 11 Pro