Security researches have found a new Intel CPU flaw that exploits Hyper-Threading to steal encrypted data which can allow hackers access to sensitive protected data, like cryptographic keys, passwords, from all other processes running in the same CPU core with simultaneous multi-threading feature enabled. Throughout this article, we will release the details of the flaw and show latest regarding patching and Intel’s response.
Dubbed PortSmash (CVE-2018-5407), PortSmash is a vulnerability discovered by security researches from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel’s Hyper-Threading technology, the company’s implementation of Simultaneous MultiThrading (SMT).
What is MultiThreading?
Simultaneous Multithreading is a type of execution model that allows multiple threads to exist within the context of a process such that they execute independently but share their process resources. A thread maintains a list of information relevant to its execution including the priority schedule, exception handlers, a set of CPU registers, and stack state in the address space of its hosting process. As published on to Techopdie
Since SMT runs two threads in two independent processes alongside each other in the same physical core to boost performance, it is possible for one process to see a surprising amount of what the other is doing and this is where the vulnerability can be exploited.
“We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architectures,” the team says.
“More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.”
Meaning that an attacker is able to run a malicious PortSmash process alongside a selected victim process on the same CPU core, allowing for attackers running the PortSmash flaw to see performed operations measuring, the precise time taken to run the operation and user patterns.
Stealing OpenSSL Decryption Keys
Researchers have tested the PortSmash attack against OpenSSL (Version <= 1.0.0h) cryptographic library in a proof-of-concept released on Github, and were successfully able to steal the private decryption key using the exploit which was running on the same physical core as the OpenSSL thread.
While the PortSMash attack has been confirmed to work on Intel’s Kay Lake and Skylake processors at this moment, researchers are strong suspecting that this flaw is also capable of working on other SMT architectures, including AMD’s, with some modifications to their code.
How do I protect my business against PortSmash?
This new side-channel vulnerability has been reported to Intel’s Security team last month, however, when Intel refused to release patches, the team went public with the PoC exploit. Which can either speed up the patching process for Intel or create awareness for attackers to exploit machines.
At this stage TECH PATROL’s simple fix for the PortSmash vulnerability is to disable SMT/Hyper-Threading in the CPU chip’s BIO until Intel releases security patches for the flaw. OpenSSL users can also upgrade to V1.1.1. This technique was used to protect users against Spectre-class attacks.
If you need assistance please contact us as soon as possible.
Other Articles You May Enjoy: