Researchers have discovered a vulnerability in Intel and AMD central processing units (CPUs) that could be used by malicious actors to access cryptographic keys.
According to researchers at the University of Texas Austin, the University of Illinois at Urbana-Champaign, and the University of Washington, a vulnerability called “Hertzbleed” in CPUs could allow “side-channel attacks” that can steal cryptographic keys.
CPUs from both chip giants Intel and AMD are affected. These include Intel desktop and laptop models from the eighth to the 11th generation Core microarchitecture, and AMD Ryzen chips desktop and laptop models from the Zen 2 and Zen 3 microarchitectures.
Hertzbleed is a new type of side-channel attack called frequency side channels (hence the name Hertz and bleeding out the data). According to the research paper on the attack:
“In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.”
A Hertzbleed attack observes the power signature of any cryptographic workload and uses this to steal the data. This power signature varies due to the CPU’s dynamic boost clock frequency adjustments during the workload, reported Tom’s Hardware.
Dynamic voltage and frequency scaling (DVFS) is a feature of modern processors used to reduce power consumption, so the vulnerability is not a bug.
Attackers can deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific queries.
“Hertzbleed is a real, and practical, threat to the security of cryptographic software,” the researchers noted.
In 2020, Be[In]Crypto reported the discovery of a flaw in Intel’s SGX (Software Guard Extension) that could also lead to side-channel attacks and compromised crypto keys.
Is there a workaround?
Intel and AMD have no current plans to deploy any firmware patches to mitigate Hertzbleed which can also be exploited remotely, however, there are workarounds.
According to the chip companies, the workaround to mitigate Hertzbleed is to disable frequency boost. For Intel CPUs the feature is called “Turbo Boost”, and for AMD chips it is known as “Turbo Core” or “Precision Boost”. However, this is likely to impact the performance of the processor, they noted.
According to Intel Senior Director of Security Communications and Incident Response Jerry Bryant, this attack is not practical outside of a lab environment, partially because it takes “hours to days” to steal a cryptographic key. He added that “cryptographic implementations that are hardened against power side-channel attacks are not vulnerable to this issue.”