Blog

Another Intel Processor Vulnerability Found

Nov 12, 2018 | Blog

Intel just can’t seem to catch a break.  By now, almost everyone has heard about the dreaded Spectre and Meltdown vulnerabilities which have been plaguing the chip maker since they were first discovered.  Now, it seems there’s a new chip-based threat.

This latest threat has been dubbed PortSmash by the research team from the Tampere University of Technology in Finland and the Technical University of Havana, in Cuba who jointly discovered it.  It works by abusing a weakness in Intel’s Hyper-Threading technology, which is Intel’s implementation of SMT (Simultaneous Multi Threading).

The researchers had this to say about the attack:

“We recently discovered a new CPU microarchitecture attack vector.  The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architecture.

More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.”

In plain English, the vulnerability allows hackers to run a PortSmash process alongside a selected process running on the same CPU core. In doing so, the ProtSmash process can spy on that application and even lift data from it as desired by the hackers.

The team released a proof of concept on Github and demonstrated their ability to steal private decryption keys.

So far, the team has confirmed that the exploit works on Intel’s Skylake and Kaby Lake processors, but there’s strong circumstantial evidence that with modifications, the exploit would work on other chipsets as well, including those developed by rival AMD.

The reason for this is because the researchers believe SMT to be fundamentally flawed. It shares resources between two CPU instances while not providing any form of security differentiators between the two instances.

The research team responsibly reported the flaw to Intel, but the company did not respond in a timely manner, so the team published their findings, which prompted action by Intel.  The company released a security patch on November 1.

 

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech