Critical side-channel vulnerabilities in modern processors became well known in 2018 with Meltdown and Spectre vulnerabilities. And several more same type vulnerabilities followed.
Now the newest on this series is called Hertzbleed Attack. It is a a new family of side-channel attacks: frequency side channels. Hertzbleed takes advantage that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed.
New ‘Hertzbleed’ Remote Side-Channel Attack Affects Intel, AMD Processors
A team of academic researchers has identified a new side-channel method that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack. While Hertzbleed itself is not an actual serious vulnerability, two CVE identifiers did get assigned to it: CVE-2022-23823 and CVE-2022-24436.
Dubbed Hertzbleed, the new attack method was made public this week by researchers from the University of Texas at Austin, the University of Illinois Urbana-Champaign, and the University of Washington. In addition to a name, the attack has its own website, logo and paper describing Hertzbleed.
According to the researchers, Hertzbleed shows that power side-channel attacks can be turned into remote timing attacks, allowing attackers to obtain cryptographic keys from devices powered by Intel, AMD and possibly other processors.
“Under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second),” the researchers explained.
An analysis of these time differences can allow an attacker — in some cases even a remote attacker can observe the variations — to target cryptographic software and obtain valuable cryptographic keys. The attack was demonstrated against SIKE post-quantum key encapsulation mechanism that is used by companies such as Microsoft and Cloudflare.
Following information can be found at the official web site at https://www.hertzbleed.com/
Am I affected by Hertzbleed?
Intel’s security advisory states that all Intel processors are affected.
AMD’s security advisory states that several of their desktop, mobile and server processors are affected.
Other processor vendors (e.g., ARM) also implement frequency scaling in their products and were made aware of Hertzbleed. However, we have not confirmed if they are, or are not, affected by Hertzbleed.
Hertzbleed is tracked under CVE-2022-23823 and CVE-2022-24436 in the Common Vulnerabilities and Exposures (CVE) system.
The Hertzbleed is not a bug. The root cause of Hertzbleed is dynamic frequency scaling, a feature of modern processors, used to reduce power consumption (during low CPU loads) and to ensure that the system stays below power and thermal limits (during high CPU loads). Herzbleed is a side-effect of that operation.
Cryptographic implementations may be vulnerable to frequency throttling side channels when all the needed conditions are met. If one or more of these listed prerequisites is not satisfied, the cryptography implementation should not be impacted by this type of side channel.
When did you disclose Hertzbleed?
We disclosed our findings, together with proof-of-concept code, to Intel, Cloudflare and Microsoft in Q3 2021 and to AMD in Q1 2022. Intel originally requested our findings be held under embargo until May 10, 2022. Later, Intel requested a significant extension of that embargo, and we coordinated with them on publicly disclosing our findings on June 14, 2022.
Do Intel and AMD plan to release microcode patches to mitigate Hertzbleed?
No. To our knowledge, Intel and AMD do not plan to deploy any microcode patches to mitigate Hertzbleed. However, Intel provides guidance to mitigate Hertzbleed in software. Cryptographic developers may choose to follow Intel’s guidance to harden their libraries and applications against Hertzbleed. For more information, we refer to the official security advisories (Intel and AMD).
Links to more information:
Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
Frequency Throttling Side Channel Software Guidance for Cryptography Implementations
Software Developer Guidance for Power Advisory
Frequency Scaling Timing Power Side-Channels