Security News > 2022 > June > New Hertzbleed side-channel attack affects Intel, AMD CPUs
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling.
"In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.
"First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into timing attacks-lifting the need for any power measurement interface."
AMD also revealed that Hertzbleed affects several of its products, including desktop, mobile, Chromebook, and server CPUs using the Zen 2 and Zen 3 microarchitectures.
According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.
Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.
News URL
Related news
- New ZenHammer memory attack impacts AMD Zen CPUs (source)
- New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- ChatGPT side-channel attack has easy fix: token obfuscation (source)
- New GoFetch attack on Apple Silicon CPUs can steal crypto keys (source)
- Researchers unveil novel attack methods targeting Intel’s conditional branch predictor (source)