Connect with us

AMD

Hackers can steal crypto keys on Intel, AMD CPUs via ‘Hertzbleed’ vulnerability

Published

on

Hackers can steal crypto keys on Intel, AMD CPUs via ‘Hertzbleed’ vulnerability

Hackers can steal crypto keys on Intel, AMD CPUs via ‘Hertzbleed’ vulnerability Oluwapelumi Adejumo · 44 mins ago · 2 min read

Hacks

The researchers noted that the result of the research could be applied to all modern CPUs as the majority possess the Dynamic Voltage Frequency Scaling (DVFS).

Advertisement

2 min read

Updated: June 15, 2022 at 11:47 am

Cover art/illustration via CryptoSlate

👋 Want to work with us? CryptoSlate is hiring for a handful of positions!
Advertisement

New research shows that malicious players can steal cryptographic keys on Intel and AMD processors using a side-channel vulnerability attack known as ‘Hertzbleed,’ Tom’s Hardware reported.

According to the researchers, attackers can steal Advanced Encryption Standard (AES) cryptographic keys by monitoring a computer’s boost frequency and power mechanisms.

The researchers have only been able to identify the vulnerability in Intel and AMD CPUs, but other computers may also be affected.

The report was compiled by researchers from the University of Texas, Austin, University of Illinois Urbana-Champaign, and the University of Washington.

How the Hertzbleed attack works

Per the report, this side-channel attack steals data by monitoring the impact of an operation on a system. The attack observes the energy impression of any stipulated cryptographic workload since power signatures vary on different systems.

Advertisement

The attacker can then transform the obtained energy information into timing data to steal the cryptographic keys. Hackers can also use the Hertzbleed attack remotely.

Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.

While only Intel and AMD processors have been tested, all modern CPUs are likely vulnerable as most possess a power algorithm called Dynamic Voltage Frequency Scaling (DVFS), which hackers can monitor.

The vulnerability affects all Intel processors, alongside AMD’s Zen 2 and Zen 3 system processors.

Intel and AMD react

According to available information, the chip giants have no plans to deploy a  firmware patch.

The report advises users to disable the frequency boost feature. On Intel, it is known as “Turbo boost” and “Precision boost” on AMD. However, that could affect their system’s performance.

Advertisement

Intel also revealed that it had shared the result of its investigations with other chip makers for similar assessments of their systems. It continued that the hours required to steal the cryptographic keys might be challenging to achieve except in a lab setting.

Trending

Get our daily News updatesSignup to get instant updates straight to your email