Researchers have discovered a new spying technique that affects all Intel processors, as well as AMD processors. However, no patch is planned to counter this attack.
In computers, data leakage sometimes takes very curious forms. University researchers found a technique, dubbed “Hertzbleed”, which makes it possible to extract information processed by a computer simply by observing variations in processor frequency. To make an impression, they demonstrated the flaw by obtaining the secret key of a cryptographic computation based on the SIKE algorithm, one of the candidates for future post-quantum asymmetric cryptography.
To fully understand what’s going on, you first need to know that a processor’s power consumption depends on the data it processes. Based on this observation, researchers were able, as early as 1998, to extract cryptographic keys by analyzing a computer’s power consumption.
Automatic frequency adjustment
The Hertzbleed attack is, in a sense, a variant of this technique. Modern x86 processors all have a dynamic frequency adjustment function based on power consumption. If the processor reaches a certain consumption threshold (and therefore a certain level of heat production), it automatically lowers its frequency after a certain time so as not to risk a thermal accident (component melting, for example). However, since the processed data can be linked to power consumption, by transitivity it can also be linked to frequency. In other words, this adjustment function, if correctly exploited, allows information about the data being processed to be extracted.
This is all the more interesting as it is much easier to observe the frequency at which a process executes than the energy it consumes. To measure consumption, you can use physical probes – which severely limits the scope of the attack – or query system APIs – which requires specific access rights. In contrast, Hertzbleed does not require special privileges on the target machine and can also be run remotely. “The reason is that differences in CPU frequencies translate directly into differences in execution times,” explain the researchers in their scientific report.
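The chain described above (data affects power, power affects frequency, frequency affects execution time) can be reproduced in a toy model. This is an added illustration, not code from the researchers' report; the power formula, power budget, frequency steps and governor interval are all constructed assumptions rather than measurements of any real processor.

```python
# Toy model: every constant below is constructed, not measured on a real CPU.
CYCLES = 3_000_000_000   # fixed work: the routine is constant-time in cycles
F_MAX_MHZ, F_MIN_MHZ, F_STEP_MHZ = 4000, 2000, 100
POWER_LIMIT_W = 36.0     # assumed package power budget
INTERVAL_MS = 10         # assumed period at which the governor re-evaluates


def hamming_weight_ratio(data: bytes) -> float:
    """Fraction of bits set to 1 in the processed data."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def power_watts(freq_mhz: int, data: bytes) -> float:
    """Assumed power model: static part plus a part scaling with frequency and bit activity."""
    activity = 0.5 + 0.5 * hamming_weight_ratio(data)
    return 5.0 + 12.0 * (freq_mhz / 1000) * activity


def wall_time_ms(data: bytes) -> float:
    """Wall-clock time to retire CYCLES cycles under the power-capped governor."""
    freq, remaining, elapsed = F_MAX_MHZ, CYCLES, 0.0
    while True:
        per_interval = freq * 1000 * INTERVAL_MS   # cycles retired in one interval
        if remaining <= per_interval:
            return elapsed + remaining / (freq * 1000)
        remaining -= per_interval
        elapsed += INTERVAL_MS
        if power_watts(freq, data) > POWER_LIMIT_W:
            freq = max(F_MIN_MHZ, freq - F_STEP_MHZ)   # over budget: throttle
        elif freq < F_MAX_MHZ and power_watts(freq + F_STEP_MHZ, data) <= POWER_LIMIT_W:
            freq += F_STEP_MHZ                          # headroom: speed back up


if __name__ == "__main__":
    samples = [("all 0x00", bytes(64)), ("all 0x0f", b"\x0f" * 64), ("all 0xff", b"\xff" * 64)]
    for label, data in samples:
        print(f"{label}: {CYCLES} cycles in {wall_time_ms(data):.1f} ms")
```

All three inputs retire the same number of cycles, yet the modelled wall-clock times differ (750.0 ms, about 876.2 ms and 1152.0 ms), which is why code that is constant-time in cycles can still show data-dependent timing once frequency scaling is involved.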
Intel plays down this discovery
Researchers have verified this sensitive data leak on 8th to 11th generation Intel processors, as well as AMD Ryzen Zen 2 and Zen 3 processors. Intel has confirmed that this problem affects all of its processors. However, the company plays down the risk of the Hertzbleed attack. “It’s interesting from a research point of view, but we don’t believe this attack can be performed outside of a laboratory setting,” Intel says in a blog post. Moreover, no patch is planned to counter this attack. Intel has simply published some best practices for developers using cryptographic libraries, in order to limit the level of vulnerability as much as possible.