A new family of side-channel CPU exploits have been discovered. Researchers are calling it Hertzbleed, and theoretically it could affect anyone, though mostly it’s cryptography engineers that need to be alert.
There’s actually been some debate from Intel over whether it’s a practical threat to most people. For that reason, the company has decided not to patch it, despite having requested a longer embargo before the research was to be published.
We’ve covered side-channel attacks before, such as Spectre and Meltdown (opens in new tab) CPU exploits, but this one is a whole new kettle of fish (via IFL Science (opens in new tab)).
The research paper (opens in new tab) (PDF warning) goes through their process of exposing the vulnerability. It shows that power side-channel attacks can be turned into timing attacks, meaning hackers can analyse the time your CPU takes to execute cryptographic algorithms and use that against you.
Since dynamic frequency scaling in a CPU depends on the data being processed, it’s possible to use the frequency variations in modern Intel and AMD x86 CPUs to leak full cryptographic keys via remote timing. Essentially, the signatures left by the CPU’s frequency clock can give it away. The fact this could even be executed remotely was a big worry for the researchers.
The accompanying report (opens in new tab) states up front that “In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.”
Having been informed of the potential dangers—which the researchers note “are significant”—Intel said that “While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment.” That’s according to Intel Senior Director of Security Communications and Incident Response, Jerry Bryant, and it’s the main reason the company does not plan to patch it.
The research itself backs this up in that, “Despite its theoretical power, it is not obvious how to construct practical exploits through the frequency side channel.”
We asked Intel why it asked for a longer embargo before the research was published, despite the lack of plans to push a patch out, and were directed to a recent post containing guidance on how to mitigate the side-channel attacks (opens in new tab).
Intel recently sat down with the researchers (opens in new tab) to hash out the issue, and when asked if disabling Turbo Boost might help, the company notes “The throttling side-channel is caused by throttling when system power/current hits certain reactive limit, regardless of whether turbo boost is enabled or not.”
Back in 2020, Intel decided it would improve its CPU security (opens in new tab) to protect against side-channel attacks, but new techniques for decrypting personal data are getting more extravagant by the day. That’s why it’s important for large companies like this to take notice of researchers, and to find ways to mitigate attacks before they can occur.
Intel also shared its findings with other silicon vendors, presumably AMD and the like, so others could get a handle on it, too.