A new security vulnerability discovered by researchers from the University of Texas, the University of Illinois Urbana-Champaign and the University of Washington in the US lets attackers steal cryptographic keys from all modern Intel and AMD CPUs.
Called Hertzbleed, the vulnerability has been observed in the dynamic voltage and frequency scaling modules on the chip, which are used to regulate clock speeds and conserve power to reduce heat produced by the chip.
Using the Hertzbleed attack, the attacker can observe the power signature of any cryptographic key. Normally, the power signature of keys tends to be dynamic as the CPU adjusts clock frequencies according to the workload.
However, Hertzbleed allows the attacker to convert that power signature into timing data, which allows them to locate and steal crypto keys. This vulnerability affects all Intel processors, and AMD's Zen 2 and Zen 3 processors. What's worse is that the attack can be done remotely, requiring no physical access to the CPUs.
AMD and Intel have both issued security advisories for the issue, and AMD stated that, "As the vulnerability impacts a cryptographic algorithm having power analysis-based side channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding, or key-rotation may be used to mitigate the attack."
Intel also took a similar stance, saying that they do not believe that this vulnerability can be exploited and that the attack was not "practical outside of a lab environment."
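The masking countermeasure named in AMD's statement, as an added example that is not code from the researchers, AMD or Intel: a secret byte is split into two random Boolean shares, so the modelled power of any single value the CPU handles no longer depends on the secret. Assumptions: Hamming weight as the power model, two-share (first-order) masking, and hypothetical function names.

```python
import secrets

def hw(x):
    """Hamming weight of a byte: the power model assumed in this example."""
    return bin(x).count("1")

def share(secret, mask=None):
    """Split a byte into two Boolean shares (s0, s1) with s0 ^ s1 == secret."""
    if mask is None:
        mask = secrets.randbelow(256)  # fresh random mask per use
    return secret ^ mask, mask

def unshare(s):
    return s[0] ^ s[1]

def masked_xor_const(x, c):
    """XOR with a public constant: linear, so only one share is touched."""
    return x[0] ^ c, x[1]

def masked_and(x, y, r=None):
    """AND of two shared bytes (ISW-style gadget) without unmasking either."""
    if r is None:
        r = secrets.randbelow(256)  # fresh randomness for the cross terms
    z0 = (x[0] & y[0]) ^ r
    z1 = (x[1] & y[1]) ^ ((r ^ (x[0] & y[1])) ^ (x[1] & y[0]))
    return z0, z1

def mean_leak_unmasked(secret):
    """The CPU handles the secret itself, so the modelled power tracks it."""
    return float(hw(secret))

def mean_leak_masked(secret):
    """Average modelled power of the share s0, taken over all 256 masks."""
    return sum(hw(share(secret, m)[0]) for m in range(256)) / 256

if __name__ == "__main__":
    for key_byte in (0x00, 0x0F, 0xFF):  # constructed sample secrets
        print(f"{key_byte:#04x} unmasked={mean_leak_unmasked(key_byte)} "
              f"masked={mean_leak_masked(key_byte)}")
    x, y = share(0xA5), share(0x3C)
    print(hex(unshare(masked_and(x, y))), hex(0xA5 & 0x3C))
```

In this model the unmasked value leaks a weight between 0 and 8 that follows the secret, while each masked share averages 4 for every secret.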
