15 June 2022

New Hertzbleed side-channel attack allows extraction of cryptographic keys from remote servers



A team of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington has shared details of a security issue affecting modern Intel and AMD processors. The issue could allow hackers to steal cryptographic keys from remote servers through a side-channel attack that observes variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).

The root cause of the issue, dubbed “Hertzbleed,” is dynamic frequency scaling, a feature designed to reduce power consumption (during low CPU loads) and to ensure that the system stays below power and thermal limits (during high CPU loads).

“First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface. The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second),” the researchers explained.

“Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. The result is that current industry guidelines for how to write constant-time code (such as Intel’s one) are insufficient to guarantee constant-time execution on modern processors.”

The issue impacts all Intel processors (CVE-2022-24436) and several AMD products (CVE-2022-23823), including desktop, mobile, Chromebook, and server CPUs. Both Intel and AMD have issued separate advisories, but it is understood that neither vendor plans to release microcode patches to address Hertzbleed, although both companies did provide guidance to mitigate the issue.

“As the vulnerability impacts a cryptographic algorithm having power analysis-based side channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding, or key-rotation may be used to mitigate the attack,” AMD stated.

The researchers said that disabling frequency boost can help mitigate Hertzbleed in most cases, but it’s not recommended because it will impact performance. Furthermore, on some custom system configurations (with reduced power limits), data-dependent frequency updates may occur even when frequency boost is disabled, the research team has warned.
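For administrators who want to know whether the frequency-boost mitigation described above is in effect on a Linux host, the following added example (not code from the researchers, Intel or AMD) reports the current boost state. It assumes the standard Linux cpufreq sysfs controls `intel_pstate/no_turbo` and `cpufreq/boost`; the function names and the optional root-directory argument are illustrative.

```shell
#!/bin/sh
# Added example: report whether CPU frequency boost is enabled on a Linux host.
# Assumed interfaces (standard Linux cpufreq sysfs files):
#   intel_pstate/no_turbo  1 = turbo disabled, 0 = turbo enabled
#   cpufreq/boost          1 = boost enabled,  0 = boost disabled
# The root directory is a parameter so the logic can be exercised on a copy.

# boost_state ROOT -> prints one of: enabled | disabled | unknown
boost_state() {
    root="${1:-/sys/devices/system/cpu}"
    if [ -r "$root/intel_pstate/no_turbo" ]; then
        case "$(cat "$root/intel_pstate/no_turbo")" in
            1) echo disabled ;;
            0) echo enabled ;;
            *) echo unknown ;;
        esac
    elif [ -r "$root/cpufreq/boost" ]; then
        case "$(cat "$root/cpufreq/boost")" in
            0) echo disabled ;;
            1) echo enabled ;;
            *) echo unknown ;;
        esac
    else
        # No recognised control: driver not loaded, or a non-Linux layout.
        echo unknown
    fi
}

# report ROOT -> one human-readable line, including the article's caveat.
report() {
    state="$(boost_state "$1")"
    case "$state" in
        enabled)  echo "frequency boost: enabled (boost mitigation not applied)" ;;
        disabled) echo "frequency boost: disabled (systems with reduced power limits may still show data-dependent frequency changes)" ;;
        *)        echo "frequency boost: unknown (no recognised sysfs control found)" ;;
    esac
}

report "${1:-/sys/devices/system/cpu}"
```

A result of "disabled" only confirms the setting; as the researchers note, it does not rule out data-dependent frequency updates on configurations with reduced power limits.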
