Blog

Researchers Find New CPU Security Vulnerability

Jul 19, 2022 | Blog

Remember the Heartbleed scare we had a couple years back?  It was a nasty side-channel attack that was somewhat exotic and difficult to pull off, and it was absolutely devastating and sent shockwaves through the entire world.

Well, it’s back. In a way.

While this new side-channel attack isn’t identical, it’s similar enough that the researchers who discovered it gave it a similar sounding name:  Hertzbleed.  It allows remote attackers to pilfer full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling, or DVFS for short.

In other words, hackers can monitor the electrical output of your PC and based on that, derive your cryptographic keys.

A team from the University of Texas at Austin, in collaboration with others from the University of Washington and the University of Illinois Urbana-Champaign are credited with the discovery of the new attack vector.

The team had this to say about their discovery:

“In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [..] Hertzbleed is a real, and practical, threat to the security of cryptographic software.

First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks–lifting the need for any power measurement interface.

Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis.”

To be fair, this is an incredibly exotic attack that would be extremely difficult for even the most experienced hackers in the world to pull off.  Even so, there are hackers out there in the world who have the skills to do this. That is why it’s somewhat disturbing that neither Intel nor AMD have any plans to issue a fix for the issues that make Hertzbleed possible.

Per an Intel spokesman:

“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment.”

While that’s true, hackers have always been known for being more interested in bragging rights than practicality. In our view, it’s just a matter of time before we see Hertzbleed in the headlines.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech