Security News > 2022 > June > New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack.
This can have significant security implications on cryptographic libraries even when implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.
Both AMD and Intel have issued independent advisories in response to the findings, with the latter noting that all Intel processors are affected by Hertzbleed.
"As the vulnerability impacts a cryptographic algorithm having power analysis-based side channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding, or key-rotation may be used to mitigate the attack," AMD stated.
While no patches have been made available to address the weakness, Intel has recommended cryptographic developers follow its guidance to harden their libraries and applications against frequency throttling information disclosure.
In March 2021, two co-authors of Hertzbleed demonstrated an "On-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors.
News URL
https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html
Related news
- New ZenHammer memory attack impacts AMD Zen CPUs (source)
- New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- ChatGPT side-channel attack has easy fix: token obfuscation (source)
- New GoFetch attack on Apple Silicon CPUs can steal crypto keys (source)
- Researchers unveil novel attack methods targeting Intel’s conditional branch predictor (source)