Researchers at Illinois Champaign (UIUC), UT Austin, and the University of Washington have disclosed a new side-channel attack targeting x86 CPUs, which they named Hertzbleed and created a logo to highlight its severity. Hertzbleed takes advantage of the dynamic frequency scaling of modern x86 processors. The frequency of the CPU will vary depending on the data being processed. The same program can run on different CPU frequencies and therefore have different actual times. A remote attacker can observe this. One change and use it to steal encryption keys. All Intel processors, AMD Ryzen processors, are affected by the attack. The researchers reported the vulnerability to Intel in the third quarter of last year, but the vulnerability was not disclosed until June 14 at Intel’s request, for an unknown reason. Neither Intel nor AMD have plans to release a microcode update to mitigate the attack, and the workaround is to disable dynamic frequency scaling — what Intel calls Turbo Boost, and AMD calls it Precision Boost.
This article is reprinted from: https://www.solidot.org/story?sid=71832
This site is for inclusion only, and the copyright belongs to the original author.