Intel and AMD CPUs Targeted by the New 'Hertzbleed' Remote Side-Channel Attack

A potential side-channel method that uses a CPU timing hack to allow attackers to remotely retrieve critical information has been found.
A group of academic researchers has found a potential side-channel method that uses a CPU timing hack to allow attackers to remotely retrieve critical information from a target network. The problem, which has been dubbed Hertzbleed by a team of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, is caused by dynamic voltage and frequency scaling (DVFS), a power and thermal management feature used to conserve power and reduce the amount of heat generated by a chip.

"Periodic CPU frequency adjustments depend on current CPU power usage under particular situations, and these adjustments immediately translate to execution time variations (since 1 hertz equals 1 cycle per second)," the researchers stated. An intruder can exploit cryptographic software and obtain crucial cryptographic keys by analyzing these timing differences; in some circumstances, even a remote attacker can detect the variances.

SIKE, or Supersingular Isogeny Key Encapsulation, a post-quantum key encapsulation technology utilized by firms like Microsoft and Cloudflare, was used to demonstrate the attack. In reaction to the discoveries, both AMD (CVE-2022-23823) and Intel (CVE-2022-24436) have released independent advisories, with the latter stating that Hertzbleed affects all Intel processors due to unauthorized access.
There are no patches available.

Intel has issued two customer advisories in response to the Hertzbleed attacks. All of Intel's chips are affected, as per the chipmaker. While no CPU firmware changes have been released, the company has provided cryptography recommendations for software developers to "harden its libraries and applications from frequency throttling information leaking."

Hertzbleed has been the subject of an AMD alert; several desktop, mobile, Chromebook, and server processors have been identified as being affected by the bug, as per the company. AMD has also recommended that software developers implement defenses.

It's not the first time that new data theft techniques from Intel chips have been discovered. Two Hertzbleed co-authors showed an "on-chip, cross-core" side-channel attack targeting Intel Coffee Lake and Skylake CPUs' ring interconnect in March 2021. The researchers stated, "The message is that current cryptography engineering approaches for writing constant-time code are no longer sufficient to guarantee constant-time execution of software on newer, variable-frequency CPUs."