Attackers can steal Advanced Encryption Standard (AES) cryptographic keys by snooping on a computer’s frequency and power boost mechanisms, the researchers say.
The researchers were able to identify the vulnerability only in Intel and AMD processors, but other computers may be affected.
The report was written by researchers from the University of Texas at Austin, the University of Illinois at Urbana-Champaign, and the University of Washington.
How the Hertzbleed attack works
According to the report, this side-channel attack steals data by monitoring the impact of the operation on the system. The attack monitors the power consumption of any intended cryptographic workload, as power signatures vary across systems.
The attacker can then convert the received energy information into timing data in order to steal the cryptographic keys. Hackers can also use the Hertzbleed attack remotely.
Hertzbleed is a new family of side channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously considered secure.
Although only Intel and AMD processors have been tested, all modern processors are likely vulnerable since most of them have a power consumption algorithm called dynamic voltage frequency scaling (DVFS) that hackers can monitor.
The vulnerability affects all Intel processors, as well as AMD Zen 2 and Zen 3 system processors.
Intel and AMD React
According to available information, the chip giants do not plan to release a firmware patch.
The report recommends that users turn off the overclocking feature. This is known as “Turbo boost” on Intel and “Precision boost” on AMD. However, this may affect the performance of their system.
Intel also disclosed that he shared the results of his research with other chip manufacturers for similar evaluations of their systems. It was further said that the hours required to steal cryptographic keys can be difficult to achieve except in laboratory conditions.
Credit : cryptoslate.com