
Vulnerability discovered in both Intel and AMD chips

Intel and AMD chips, as well as processors from other manufacturers, appear to be exposed to a new type of attack. The attack could allow threat actors to steal cryptographic keys and other data directly from the endpoint hardware.

A team of security researchers, including Riccardo Paccagnella of the University of Illinois Urbana-Champaign, set out to investigate the idea of extracting cryptographic data from a chip by measuring the power consumed during data processing. This is an old theory that has proven unfeasible in practice, due to the impossibility of measuring energy consumption from a distance. But along the way, the researchers managed to put a new spin on the idea and turned the attack into a different, much more viable kind of side-channel exploit.

An attack that affects virtually all chips

By taking advantage of dynamic voltage and frequency scaling, attackers can track the time the server takes to respond to specific queries, which lets them detect changes in energy consumption. It's relatively simple, at least according to the researchers. The vulnerability has been named Hertzbleed and is tracked as CVE-2022-24436 for Intel devices and CVE-2022-23823 for AMD.
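How a defender can check whether a routine's response time depends on its input, which is the signal the attack described above relies on: a Welch's t-test comparing timing samples from two input classes. This is an added example, not code from the researchers or the affected libraries; the function names, the constructed timing samples and the 4.5 threshold (a cutoff commonly used in leakage assessment) are assumptions.

```python
import math
import random
import statistics

TVLA_THRESHOLD = 4.5  # assumed cutoff: conventional |t| limit in leakage assessment


def welch_t(a, b):
    """Welch's t statistic for two independent timing samples."""
    se = math.sqrt(statistics.variance(a) / len(a) + statistics.variance(b) / len(b))
    return (statistics.mean(a) - statistics.mean(b)) / se


def timing_depends_on_input(a, b, threshold=TVLA_THRESHOLD):
    """True when mean response time differs between the two input classes."""
    return abs(welch_t(a, b)) > threshold


def constructed_timings(n, mean_us, jitter_us, seed):
    """Constructed sample: n response times (microseconds) with Gaussian jitter."""
    rng = random.Random(seed)
    return [rng.gauss(mean_us, jitter_us) for _ in range(n)]


def assess():
    # Class A: one fixed input. Class B: a second input class.
    # "leaky": class B runs 0.5 us slower on average, buried in 5 us of jitter.
    # "flat": both classes share the same mean, as a hardened routine should.
    n = 20000
    fixed = constructed_timings(n, 1000.0, 5.0, seed=1)
    leaky = constructed_timings(n, 1000.5, 5.0, seed=2)
    flat = constructed_timings(n, 1000.0, 5.0, seed=3)
    return {
        "leaky": timing_depends_on_input(fixed, leaky),
        "flat": timing_depends_on_input(fixed, flat),
    }


if __name__ == "__main__":
    for name, flagged in assess().items():
        print(f"{name}: {'input-dependent timing' if flagged else 'no difference detected'}")
```

On real hardware the two lists would be measured response times for the two input classes, collected with frequency scaling left in its normal production setting.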

In the case of Intel processors, the attack was successfully reproduced on 8th to 11th generation chips, and the researchers also say it works on Xeon chips. AMD Ryzen chips would also be exposed. Intel, however, doesn't agree that this is possible: the company's Senior Director of Security Communications and Incident Response, Jerry Bryant, wrote that this vulnerability is not practical outside the lab.

The company also says to keep in mind that cryptographic implementations hardened against power side-channel attacks are not vulnerable to this problem. Chip manufacturers are not going to patch their CPUs against this vulnerability, at least according to Ars Technica. Instead, they will support the changes that Microsoft and Cloudflare have made to their cryptographic code libraries PQCrypto-SIDH and CIRCL. Thus, if Microsoft updates those libraries and ships the change in a Windows 10 or Windows 11 security update, your system will possibly be safe by then and you won't have to worry about being attacked.

Source: TechRadar

Benjamin Rosa