Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys.

Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel and AMD chips.

“Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.” reads the website set up to describe the attack.

The experts will present their findings at the 31st USENIX Security Symposium that will take place in Boston, 10–12 August 2022.

The principle behind the Hertzbleed attack is that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed.

“First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface. The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second).” continues the post. “Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. The result is that current industry guidelines for how to write constant-time code (such as Intel’s one) are insufficient to guarantee constant-time execution on modern processors.”

The issue is tracked CVE-2022-23823 on AMD and CVE-2022-24436 on Intel, at this time there is no fix for the issue.

Experts pointed out that the Hertzbleed is not a bug, the cause of the issue is dynamic frequency scaling, which is a feature implemented in modern processors to reduce power consumption (during low CPU loads).

The experts shared their findings, along with proof-of-concept code, to Intel, Cloudflare and Microsoft in Q3 2021 and to AMD in Q1 2022.

At this time Intel and AMD don’t plan to release microcode to mitigate the Hertzbleed attack.

Intel provided guidance to mitigate the attack by hardening their libraries and applications.

Is there a workaround?

“Technically, yes. However, it has a significant system-wide performance impact.” concludes the experts. “In most cases, a workload-independent workaround to mitigate Hertzbleed is to disable frequency boost. Intel calls this feature “Turbo Boost”, and AMD calls it “Turbo Core” or “Precision Boost”. Disabling frequency boost can be done either through the BIOS or at runtime via the frequency scaling driver. In our experiments, when frequency boost was disabled, the frequency stayed fixed at the base frequency during workload execution, preventing leakage via Hertzbleed. However, this is not a recommended mitigation strategy as it will significantly impact performance.”

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Hertzbleed)

[adrotate banner=”5″]

[adrotate banner=”13″]