Intel And AMD May Have Access To Cryptographic Keys Vulnerability In The Heartbleed Chip

  • Both Intel and AMD have CPUs that are impacted. These include AMD Ryzen CPUs desktop and laptop models from the Zen 2 and Zen 3 microarchitectures, as well as Intel Core desktop and laptop models from the ninth to eleventh generation Core microarchitectures.
  • This assault isn’t viable outside of a lab context, according to Intel Senior Director of Security Communications and Incident Response Jerry Bryant, partly because stealing a cryptographic key takes hours to days. This problem is not vulnerable to cryptographic systems that are hardened against power side-channel attacks, he noted.
  • Frequency side channels are a new sort of side-channel assault similar to Hertz Bleed (hence the name Hertz and bleeding out the data). According to the attack’s research paper: In the worst-case scenario, these assaults could allow an attacker to steal cryptographic keys from previously thought-to-be safe distant servers.

Researchers found a flaw in Intel and AMD central processing units (CPUs) that might be exploited by hostile actors to gain access to cryptographic keys. A vulnerability in CPUs known as Hertzbleed, according to researchers at the University of Texas at Austin, the University of Illinois at Urbana-Champaign, and the University of Washington, could allow side-channel attacks that steal cryptographic keys.

Attack Of The Hertz Bleed

Both Intel and AMD have CPUs that are impacted. These include AMD Ryzen CPUs desktop and laptop models from the Zen 2 and Zen 3 microarchitectures, as well as Intel Core desktop and laptop models from the ninth to eleventh generation Core microarchitectures. Tom’s Hardware, a website dedicated to computer hardware, discovered the flaw. Intel and AMD have both published advisories regarding the problem.

Frequency side channels are a new sort of side-channel assault similar to Hertz Bleed (hence the name Hertz and bleeding out the data). According to the attack’s research paper: In the worst-case scenario, these assaults could allow an attacker to steal cryptographic keys from previously thought-to-be safe distant servers. A Heartbleed attack looks for any cryptographic workload’s power signature and utilizes it to steal data. According to Tom’s Hardware, this power signature varies due to the CPU’s dynamic boost clock frequency alterations during the workload.

ALSO READ – What made rumors of Three Arrows Capital’s massive liquidations go wild?

Is There A Way To Make This Work

The vulnerability is not a bug because dynamic voltage and frequency scaling (DVFS) is a feature of current processors meant to reduce power consumption. By monitoring the time it takes for a server to reply to specific queries, attackers can deduce changes in power consumption. The researchers stated, Hertz Bleed is a real and realistic danger to the security of cryptographic software. Be[In]Crypto discovered a bug in Intel’s SGX (Software Guard Extension) in 2020, which might lead to side-channel attacks and compromised crypto keys.

There are no plans for Intel or AMD to release firmware updates to minimize Hertz Bleed, which can be exploited remotely, however there are workarounds. The chip companies claim that disabling frequency boost is a solution for preventing Hertz Bleed. The feature is known as Turbo Boost on Intel CPUs and Turbo Core or Precision Boost on AMD chips. They did add, however, that this is likely to have an influence on the processor’s performance.

This assault isn’t viable outside of a lab context, according to Intel Senior Director of Security Communications and Incident Response Jerry Bryant, partly because stealing a cryptographic key takes hours to days. This problem is not vulnerable to cryptographic systems that are hardened against power side-channel attacks, he noted.

Source: https://www.thecoinrepublic.com/2022/06/15/intel-and-amd-may-have-access-to-cryptographic-keys-vulnerability-in-the-heartbleed-chip/