New Intel And AMD CPU Vulnerability Lets Hackers Steal Encryption Keys

Share post:

Researchers have discovered that microprocessors from Intel, AMD, and others have a weakness that attackers can exploit to obtain cryptographic keys and other secret data traveling via hardware.

The team discovered that dynamic voltage and frequency scaling (DVFS)—a power and thermal management feature present in every modern CPU—enables attackers to deduce the changes in power consumption by measuring the time it takes for a server to respond to certain carefully made queries. By understanding how the DVFS feature functions, power side-channel attacks become less complex timing attacks that can be performed remotely.

The researchers have named this attack Hertzbleed as it uses the insights into DVFS to bleed out data that is supposedly private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs. The researchers have demonstrated how the exploit technique they developed can be utilized to extract an encryption key from a server running SIKE, a cryptographic algorithm used to create a secret key between two parties over an insecure communications channel.

The team of researchers said they successfully replicated their attack on Intel CPUs from the 8th to the 11th generation of the Core microarchitecture. They also claimed that this attack would work on Intel Xeon CPUs and confirmed that AMD Ryzen processors are vulnerable and also allowed the same SIKE attack used against Intel chips. The researchers also claimed that chips made by other manufacturers may also be vulnerable.

It remains unclear if Hertzbleed represents a clear threat. Hence, developers should keenly study how the findings impact the security of the cryptographic software they design. 

For more information, read the original story in Arstechnica.

SUBSCRIBE NOW

Related articles

20 dollars unmasks a major vulnerability in the internet infrastructure. Cyber Security Today for Friday the 13th, September 2024

US Cyber Security and Infrastructure Agency -  CISA has added three significant vulnerabilities to its “known exploited vulnerabilities...

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways