Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

New ‘Hertzbleed’ Remote Side-Channel Attack Affects Intel, AMD Processors

A team of academic researchers has identified a new side-channel method that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack.

A team of academic researchers has identified a new side-channel method that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack.

Dubbed Hertzbleed, the new attack method was made public this week by researchers from the University of Texas at Austin, the University of Illinois Urbana-Champaign, and the University of Washington. In addition to a name, the attack has its own website and logo. A paper describing Hertzbleed is also available. Hertzbleed

According to the researchers, Hertzbleed shows that power side-channel attacks can be turned into remote timing attacks, allowing attackers to obtain cryptographic keys from devices powered by Intel, AMD and possibly other processors.

In the past, researchers demonstrated CPU side-channel attacks that rely on observing variations in a processor’s power consumption.

Hertzbleed does not require any direct power measurement and instead relies on a feature called dynamic frequency scaling, which modern processors use to reduce power consumption.

“Under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second),” the researchers explained.

An analysis of these time differences can allow an attacker — in some cases even a remote attacker can observe the variations — to target cryptographic software and obtain valuable cryptographic keys.

The attack was demonstrated against SIKE, or Supersingular Isogeny Key Encapsulation, a post-quantum key encapsulation mechanism that is used by companies such as Microsoft and Cloudflare.

While Hertzbleed itself is not an actual vulnerability, two CVE identifiers did get assigned to it: CVE-2022-23823 and CVE-2022-24436.

Intel has published two advisories to inform customers about Hertzbleed attacks. The chipmaker has confirmed that all of its processors are impacted. While the company has not released any CPU firmware updates, it did release cryptography-related guidance that software developers can use to “harden their libraries and applications against frequency throttling information disclosure.”

“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment,” Intel’s Jerry Bryant said in a blog post on Tuesday.

AMD has also published an advisory for Hertzbleed. The company has listed several desktop, mobile, Chromebook and server processors that are impacted. AMD has also advised developers to apply countermeasures in their software.

Other CPU makers could also be impacted. The researchers have notified ARM, whose products also implement frequency scaling, but the company has not provided any feedback on whether its products are affected.

Workarounds are also available, but the researchers pointed out that they can significantly impact performance.

Microsoft and Cloudflare learned about the attack on SIKE from a different team of researchers before being notified by the Hertzbleed team. Both companies have implemented mitigations.

Related: Academics Devise New Speculative Execution Attack Against Apple M1 Chips

Related: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Related: Academics Devise Side-Channel Attack Targeting Multi-GPU Systems

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.