Intel just can’t seem to catch a break. By now, almost everyone has heard about the dreaded Spectre and Meltdown vulnerabilities which have been plaguing the chip maker since they were first discovered. Now, it seems there’s a new chip-based threat.
This latest threat has been dubbed PortSmash by the research team from the Tampere University of Technology in Finland and the Technical University of Havana, in Cuba who jointly discovered it. It works by abusing a weakness in Intel’s Hyper-Threading technology, which is Intel’s implementation of SMT (Simultaneous Multi Threading).
The researchers had this to say about the attack:
“We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architecture.
More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.”
In plain English, the vulnerability allows hackers to run a PortSmash process alongside a selected process running on the same CPU core. In doing so, the ProtSmash process can spy on that application and even lift data from it as desired by the hackers.
The team released a proof of concept on Github and demonstrated their ability to steal private decryption keys.
So far, the team has confirmed that the exploit works on Intel’s Skylake and Kaby Lake processors, but there’s strong circumstantial evidence that with modifications, the exploit would work on other chipsets as well, including those developed by rival AMD.
The reason for this is because the researchers believe SMT to be fundamentally flawed. It shares resources between two CPU instances while not providing any form of security differentiators between the two instances.
The research team responsibly reported the flaw to Intel, but the company did not respond in a timely manner, so the team published their findings, which prompted action by Intel. The company released a security patch on November 1.
