Intel CPUs with Hyper-Threading vulnerable to side-channel attack

Posted on Friday, Nov 02 2018 @ 18:09 CET by Thomas De Maesschalck
Security researchers from the Tampere University of Technology in Finland and the Technical University of Havana, Cuba have discovered a new vulnerability in Intel processors with Hyper-Threading. Called PortSmash, this new technique runs a malicious process next to legitimate ones and is capable of retrieving encrypted data from a computer's memory or processor.
Researchers have classified PortSmash as a side-channel attack. In computer security terms, a side-channel attack is a technique for leaking encrypted data from a computer's memory or CPU. It works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional information that may help break encryption algorithms and recover the data the CPU has processed.
Proof-of-concept code was published on GitHub, and the team confirmed that Intel Skylake and Kaby Lake processors are vulnerable to this attack. AMD processors with SMT, like Ryzen and EPYC, are likely vulnerable too, but this has not been tested yet. Intel's security team received notice on October 1 and issued a patch yesterday.
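
Because the technique depends on a process running next to its target on a Hyper-Threading core, a defender's first question is which logical CPUs actually share a core. The following is an added example, not code from the article or from the researchers: it assumes a Linux host exposing `thread_siblings_list` under sysfs, and falls back to a constructed 4-core/8-thread sample elsewhere.

```python
"""Report which logical CPUs share a physical core (SMT siblings) on Linux."""
import glob
import re

# Assumption: standard Linux sysfs CPU topology layout.
SYSFS_GLOB = "/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"


def parse_cpulist(text):
    """Parse a kernel cpulist such as '0,4' or '0-1,8-9' into a sorted tuple."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return tuple(sorted(cpus))


def smt_groups(sibling_lists):
    """Given {cpu_id: cpulist text}, return cores that expose more than one thread."""
    groups = {parse_cpulist(text) for text in sibling_lists.values()}
    return sorted(g for g in groups if len(g) > 1)


def shares_core(sibling_lists, cpu_a, cpu_b):
    """True if two distinct logical CPUs are hardware threads of the same core."""
    return cpu_a != cpu_b and any(
        cpu_a in g and cpu_b in g for g in smt_groups(sibling_lists))


def read_sysfs():
    """Collect sibling lists from sysfs; returns {} where the files do not exist."""
    out = {}
    for path in glob.glob(SYSFS_GLOB):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            out[cpu] = fh.read()
    return out


# Constructed sample (not real host data): logical CPU n is paired with n+4.
SAMPLE = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}

if __name__ == "__main__":
    topo = read_sysfs() or SAMPLE
    groups = smt_groups(topo)
    for group in groups:
        print("logical CPUs sharing one core:", ",".join(map(str, group)))
    if not groups:
        print("no SMT siblings found (SMT disabled or unsupported)")
```

An empty result means no two logical CPUs share a core, so workloads cannot be co-scheduled on sibling threads on that host.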
