Security News > 2022 > June > New Hertzbleed side-channel attack affects Intel, AMD systems

New Hertzbleed side-channel attack affects Intel, AMD systems
2022-06-14 19:55

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling.

"In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.

"First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into timing attacks-lifting the need for any power measurement interface."

AMD also revealed that Hertzbleed affects several of its products, including desktop, mobile, Chromebook, and server CPUs using the Zen 2 and Zen 3 microarchitectures.

According to the research team behind Hertzbleed, Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks described as frequency side channels.

Per AMD's guidance, developers can use masking, hiding, or key-rotation to mitigate power analysis-based side-channel leakages in Hertzbleed attacks.


News URL

https://www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-systems/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539
AMD 821 5 111 109 26 251