Home » Cyber Security News » New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

Discovered by a team of security researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel’s Hyper-Threading technology, the company’s implementation of Simultaneous MultiThreading (SMT).

Simultaneous MultiThreading is a performance feature that works by splitting up each physical core of a processor into virtual cores, known as threads, allowing each core to run two instruction streams at once.

Since SMT runs two threads in two independent processes alongside each other in the same physical core to boost performance, it is possible for one process to see a surprising amount of what the other is doing.
Thus, an attacker can run a malicious PortSmash process alongside a selected victim process on the same CPU core, allowing the PortSmash code to snoop on the operations performed by the other process by measuring the precise time taken for each operation.

PortSmash Attack to Steal OpenSSL Decryption Keys

As a proof-of-concept released on Github, researchers tested the PortSmash attack against OpenSSL (version <= 1.1.0h) cryptography library and were successfully able to steal the private decryption key using a malicious process (exploit) running on the same physical core as the OpenSSL thread (victim).

While the PortSmash attack has been confirmed to work on Intel’s Kaby Lake and Skylake processors at this moment, researchers “strongly suspected” the attack to work on other SMT architectures, including AMD’s, with some modifications to their code.

In August this year, after TLBleed and ForeShadow attacks were unveiled, Theo de Raadt, the founder of OpenBSD and leader at OpenSSH projects, advised users to disable SMT/Hyperthreading in all Intel BIOSes.

He also suspected that “there will be more hardware bugs and artifacts disclosed. Due to the way SMT interacts with speculative execution on Intel CPUs, I expect SMT to exacerbate most of the future problems.”

How to Protect Your Systems Against PortSmash Attack

Researchers reported the new side-channel vulnerability to Intel security team early last month, but when the company failed to provide the security patches until 1 November, the team went public with the PoC exploit.

The team has also promised to release detailed paper on the PortSmash attack, titled Port Contention for Fun and Profit, in the coming days.

The simple fix for the PortSmash vulnerability is to disable SMT/Hyper-Threading in the CPU chip’s BIOS until Intel releases security patches. OpenSSL users can upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches).

In June this year, the OpenBSD project disabled Intel’s Hyper-Threading to prevent its users from previously disclosed Spectre-class attacks, as well as future timing attacks.

AMD is investigating the PortSmash side-channel vulnerability report to know any potential AMD product susceptibility.

Buy Firewall, Buy Firewall Online, Buy Firewall Online India Buy Firewall, Buy Firewalls Online, Buy Firewall Online in India from IT Monteur's Firewall Firm, Buy Firewall Support, Buy Firewall License & License Renewals

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket