New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs

June 15, 2022

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side-channel attack.

Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), a power and thermal management feature used to conserve power and reduce the amount of heat generated by a chip.

“The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second),” the researchers said.


This can have significant security implications for cryptographic libraries, even when they are implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.

Both AMD (CVE-2022-23823) and Intel (CVE-2022-24436) have issued independent advisories in response to the findings, with the latter noting that all Intel processors are affected by Hertzbleed. No patches have been made available.

“As the vulnerability impacts a cryptographic algorithm having power analysis-based side-channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding, or key-rotation may be used to mitigate the attack,” AMD stated.

Although no patches have been made available to address the weakness, Intel has recommended that cryptographic developers follow its guidance to harden their libraries and applications against frequency throttling information disclosure.

This is not the first time novel methods have been uncovered to siphon data from Intel processors. In March 2021, two co-authors of Hertzbleed demonstrated an “on-chip, cross-core” side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors.

“The takeaway is that current cryptographic engineering practices for how to write constant-time code are no longer sufficient to guarantee constant time execution of software on modern, variable-frequency processors,” the researchers concluded.
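The masking countermeasure AMD names above, sketched as an added C example (not code from AMD, Intel, or the researchers): a key byte is split into two Boolean shares so that no intermediate value is a fixed function of the key. Hamming weight is used as an assumed, simplified proxy for data-dependent power, and all function names and sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hamming weight of a byte; assumed proxy for data-dependent power draw. */
static int hw8(uint8_t v) {
    int n = 0;
    for (; v; v >>= 1) n += v & 1u;
    return n;
}

/* Unmasked key addition: the intermediate is a direct function of the key. */
static uint8_t add_key(uint8_t key, uint8_t pt) { return (uint8_t)(key ^ pt); }

/* First-order Boolean masking: the key exists only as two shares,
   (key ^ mask) and mask, where mask is fresh randomness per operation. */
typedef struct { uint8_t s0, s1; } shares_t;

static shares_t mask_key(uint8_t key, uint8_t mask) {
    shares_t k = { (uint8_t)(key ^ mask), mask };
    return k;
}

/* Key addition on shares: only share 0 meets the plaintext, and the
   shares are never recombined during the computation. */
static shares_t add_key_masked(shares_t k, uint8_t pt) {
    k.s0 = (uint8_t)(k.s0 ^ pt);
    return k;
}

static uint8_t unmask(shares_t v) { return (uint8_t)(v.s0 ^ v.s1); }

/* Weight of both shares, summed over all 256 mask values. Enumerating the
   masks stands in for averaging over many random draws. */
static int masked_weight_sum(uint8_t key, uint8_t pt) {
    int sum = 0;
    for (int m = 0; m < 256; m++) {
        shares_t v = add_key_masked(mask_key(key, (uint8_t)m), pt);
        sum += hw8(v.s0) + hw8(v.s1);
    }
    return sum;
}

int main(void) {
    const uint8_t pt = 0x00, keys[2] = { 0x00, 0xFF }; /* constructed inputs */
    for (int i = 0; i < 2; i++)
        printf("key=0x%02X unmasked HW=%d masked HW sum=%d out=0x%02X\n",
               keys[i], hw8(add_key(keys[i], pt)), masked_weight_sum(keys[i], pt),
               unmask(add_key_masked(mask_key(keys[i], 0x3C), pt)));
    return 0;
}
```

Unmasked, the intermediate weighs 0 for key 0x00 and 8 for key 0xFF; taken over all masks, the two shares weigh 2048 in total for either key, so the averaged weight no longer tracks the key.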



Some elements of this article are sourced from:
thehackernews.com
