Researchers find way to hack your CPU via AMD and Intel's frequency boosts

pcgamer.com:

A new family of side-channel CPU exploits have been discovered. Researchers are calling it Hertzbleed, and theoretically it could affect anyone, though mostly it's cryptography engineers that need to be alert.

There's actually been some debate from Intel over whether it's a practical threat to most people. For that reason, the company has decided not to patch it, despite having requested a longer embargo before the research was to be published.

We've covered side-channel attacks before, such as Spectre and Meltdown(opens in new tab) CPU exploits, but this one is a whole new kettle of fish (via IFL Science(opens in new tab)).

The research paper(opens in new tab) (PDF warning) goes through their process of exposing the vulnerability. It shows that power side-channel attacks can be turned into timing attacks, meaning hackers can analyse the time your CPU takes to execute cryptographic algorithms and use that against you.

Since dynamic frequency scaling in a CPU depends on the data being processed, it's possible to use the frequency variations in modern Intel and AMD x86 CPUs to leak full cryptographic keys via remote timing. Essentially, the signatures left by the CPU's frequency clock can give it away. The fact this could even be executed remotely was a big worry for the researchers.

The accompanying report(opens in new tab) states up front that «In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.»

Having been informed of the potential dangers—which the researchers note «are significant»—Intel said that «While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab