Hertzbleed attack: watch out for your private keys! – BeinCrypto France

According to a group of researchers, Intel and AMD processors suffer from a flaw that could be exploited for access to crypto private keys.

According to researchers from the University of Texas at Austin, the University of Illinois at Urbana-Champaign and the University of Washington, this flaw called “Hertzbleed” could allow “side channel attacks” targeting the keys private crypto.

The attack targets Intel and AMD processors. These include Intel’s eighth through 11th generation desktop and laptop models with the Core microarchitecture, and AMD Ryzen desktop and laptop models with Zen 2 and Zen 3 microarchitectures.

The flaw was reported by Tom’s Hardware magazine. Intel and AMD also released statements about it.

The Hertzbleed Attack

Hertzbleed is a new type of attack targeting frequency side channels (Hertz refers to frequency while the word “bleed” which means “bleed” refers to data leakage). According to a research paper on the attack:

“In the worst case, these attacks can allow the attacker to extract cryptographic private keys from remote servers that were previously believed to be secure.”

A Hertzbleed attack can monitor the power signature of any cryptographic workload and use it to steal the data. This power signature varies with adjustments to the processor’s dynamic clock rate during the workload, says Tom’s Hardware.

Dynamic Voltage and Frequency Scaling (DVFS) is a feature used by next-generation processors to reduce power consumption. Thus, this flaw is not a bug.

Attackers can determine fluctuations in power consumption by monitoring how long it takes for a server to respond to specific requests.

“Hertzbleed is a real and practical threat to the security of cryptographic software,” the researchers noted.

In 2020, Be[In]Crypto reported the discovery of a flaw in Intel’s Software Guard Extension (SGX) that could also lead to side-channel attacks and crypto key hacking.

Is there a solution?

So far, Intel and AMD have not announced any fixes for the Hertzbleed flaw, which can also be exploited remotely. There are, however, a few ways to protect yourself from it.

According to the two companies, the solution is to disable the frequency boost. For Intel processors, the feature is called “Turbo Boost,” while for AMD chips, it’s known as “Turbo Core” or “Precision Boost.” However, the companies point out that this option is likely to impact processor performance.

According to Jerry Bryant, communications manager for Intel’s Security and Incident Department, this attack is impractical outside of a test environment, in part because it takes “hours or even days” to complete. steal a cryptographic key. He added that “cryptographic implementations that are protected against attacks by a side power channel are not vulnerable to this problem.”

Disclaimer

All information on our website is published in good faith and for general information purposes only. Any action taken by the reader based on information found on our website is entirely at their own risk.

We want to give thanks to the writer of this write-up for this incredible web content

Hertzbleed attack: watch out for your private keys! – BeinCrypto France


Explore our social media profiles as well as other related pageshttps://metfabtech.com/related-pages/