A team of academic researchers has identified a new side-channel method that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack.
Dubbed Hertzbleed, the new attack method was made public this week by researchers from the University of Texas at Austin, the University of Illinois Urbana-Champaign, and the University of Washington. In addition to a name, the attack has its own website and logo. A paper describing Hertzbleed is also available.
According to the researchers, Hertzbleed shows that power side-channel attacks can be turned into remote timing attacks, allowing attackers to obtain cryptographic keys from devices powered by Intel, AMD and possibly other processors.
In the past, researchers demonstrated CPU side-channel attacks that rely on observing variations in a processor’s power consumption.
Hertzbleed does not require any direct power measurement and instead relies on a feature called dynamic frequency scaling, which modern processors use to reduce power consumption.
“Under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second),” the researchers explained.
An analysis of these time differences can allow an attacker — in some cases even a remote attacker can observe the variations — to target cryptographic software and obtain valuable cryptographic keys.
The attack was demonstrated against SIKE, or Supersingular Isogeny Key Encapsulation, a post-quantum key encapsulation mechanism that is used by companies such as Microsoft and Cloudflare.
While Hertzbleed itself is not an actual vulnerability, two CVE identifiers did get assigned to it: CVE-2022-23823 and CVE-2022-24436.
Intel has published two advisories to inform customers about Hertzbleed attacks. The chipmaker has confirmed that all of its processors are impacted. While the company has not released any CPU firmware updates, it did release cryptography-related guidance that software developers can use to “harden their libraries and applications against frequency throttling information disclosure.”
“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment,” Intel’s Jerry Bryant said in a blog post on Tuesday.
AMD has also published an advisory for Hertzbleed. The company has listed several desktop, mobile, Chromebook and server processors that are impacted. AMD has also advised developers to apply countermeasures in their software.
Other CPU makers could also be impacted. The researchers have notified ARM, whose products also implement frequency scaling, but the company has not provided any feedback on whether its products are affected.
Workarounds are also available, but the researchers pointed out that they can significantly impact performance.
Microsoft and Cloudflare learned about the attack on SIKE from a different team of researchers before being notified by the Hertzbleed team. Both companies have implemented mitigations.