Security experts identified a new attack, dubbed ‘Hertzbleed,’ that lets perpetrators steal full cryptographic keys from modern Intel and AMD chips.
The attack was discovered by researchers from the University of Washington, University of Illinois Urbana-Champaign, and the University of Texas at Austin.
“We find that, under certain circumstances, DVFS-induced variations in CPU frequency depend on the current power consumption (and hence, data) at the granularity of milliseconds,” according to the research paper. “Making matters worse, these variations can be observed by a remote attacker, since frequency differences translate to wall time differences!”
The technique involves observing CPU frequency variations determined by dynamic voltage and frequency scaling (DVFS). The attack exploits a feature on modern Intel and AMD x86 processors that triggers a variation in the dynamic frequency scaling based on processed data and power consumption.
The vulnerabilities that facilitate the Hertzbleed attack are:
Intel (CVE-2022-24436) – Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to enable information disclosure via network access.
AMD (CVE-2022-23823) – A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
DVFS is a power throttling feature implemented by modern CPUs, which is designed to reduce power consumption and protect systems against overheating and overloading.
In response to the findings, Intel released guidance for cryptographic developers to better secure their libraries and applications against frequency throttling attacks. AMD took a similar stance and recommended developers “apply countermeasures on the software code of the algorithm” to protect against the attack.
The team behind the Hertzbleed academic research paper agrees that disabling the frequency boost feature on affected CPUs can mitigate these attacks. The features are called “Turbo Boost” on Intel and “Precision Boost” or “Turbo Core” on AMD CPUs.
However, they advise against this approach, as disabling frequency boost could “very significantly impact performance.” On the other hand, Intel said perpetrators could perform the attack whether the Turbo Boost feature is enabled or not.
“The throttling side-channel (Hertzbleed) is caused by throttling when system power/current hits certain reactive limit, regardless of whether turbo boost is enabled or not,” as Bleeping Computer reported. Intel recommends that developers follow its guidance instead.
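To audit the frequency boost setting discussed above on a Linux host, the following added example (not from the research paper, Intel or AMD) reads the kernel's sysfs boost controls. The optional alternate sysfs root argument is an assumption made so the function can be tested offline; per Intel's statement above, a "disabled" result does not by itself rule out the throttling side channel.

```shell
#!/bin/sh
# Added example: report whether CPU frequency boost is enabled on Linux.
# Usage: boost_state [SYSFS_ROOT]   (SYSFS_ROOT defaults to /sys; the
# override is an assumption of this example, used for offline testing)

boost_state() {
    root="${1:-/sys}"
    cpu="$root/devices/system/cpu"

    # intel_pstate driver: the knob is inverted (1 = Turbo Boost disabled).
    if [ -r "$cpu/intel_pstate/no_turbo" ]; then
        case "$(cat "$cpu/intel_pstate/no_turbo")" in
            0) echo enabled ;;
            1) echo disabled ;;
            *) echo unknown ;;
        esac
        return 0
    fi

    # acpi-cpufreq and other drivers exposing the global boost knob
    # (covers AMD boost): the value is direct (1 = boost enabled).
    if [ -r "$cpu/cpufreq/boost" ]; then
        case "$(cat "$cpu/cpufreq/boost")" in
            1) echo enabled ;;
            0) echo disabled ;;
            *) echo unknown ;;
        esac
        return 0
    fi

    # Neither control is present (other driver, VM, or non-Linux system).
    echo unknown
    return 1
}

# Report for the local machine. "disabled" only reflects the boost setting;
# it is not evidence that the host is unaffected by power-limit throttling.
printf 'frequency boost: %s\n' "$(boost_state "${1:-/sys}")"
```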