Security News > 2022 > June > New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs

New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
2022-06-15 20:12

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack.

This can have significant security implications on cryptographic libraries even when implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.

Both AMD and Intel have issued independent advisories in response to the findings, with the latter noting that all Intel processors are affected by Hertzbleed.

"As the vulnerability impacts a cryptographic algorithm having power analysis-based side channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding, or key-rotation may be used to mitigate the attack," AMD stated.

While no patches have been made available to address the weakness, Intel has recommended cryptographic developers follow its guidance to harden their libraries and applications against frequency throttling information disclosure.

In March 2021, two co-authors of Hertzbleed demonstrated an "On-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors.


News URL

https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539
AMD 892 5 120 122 27 274