• Subscriber/Sign In
  • Register
  • About Us
isssource.com
  • Home
  • Eguide: Overcoming the Industrial Cyber Security Skills Gap
  • Register
  • News
    • Careers
    • Government
    • Incidents
    • Industry Voices
    • Products and Services
    • Sending it Your Way
    • Technology Update
    • Views
  • Profile
  • Research
  • User Profile
  • Events
  • Login
  • Lost Password
  • Training & Certification
  • Transactions
  • White Papers
  • Membership Details
  • Subscribe Now
  • Membership Contents
  • Archives

Breaking News

  • ARC: How to Prevent USB Attacks
  • Rockwell Working on PowerMonitor 1000 Fix
  • Horner Clears Cscape Vulnerability
  • Delta Fixes it Industrial Automation CNCSoft
  • Intel Has Fix for Data Center Manager SDK Holes
  • Thermal Fatigue Led to MS Gas Plant Blast …
  • … 3D Model of Failed Heat Exchanger
  • Fukushima Report: Robot Lifts Melted Fuel
  • TÜV, Nozomi Ink Partnership Pact
  • Pangea Patches Bypass Vulnerability
  • Fuji Fixes FRENIC Devices
  • ARC: Safety and Profitability Work Together
  • Public Needs to Know About Chem Releases: Judge
  • Robot Testing Radioactive Fuel at Fukushima
  • Siemens Fixes CP1604, CP1616 Holes
  • Siemens has Upgrade for Intel AMT
  • Read More

Chemical Safety Incidents

White Papers

  • A Year in Vulnerabilities
  • A Year in Threats
  • Year in Hunting and Responding
  • Finding the Competitive Edge
  • Going Digital
  • Visibility Leads to Knowledge
  • Tips to SCADA Security
  • Insurance Dilemma: Infrastructure Attacks
  • Monitoring a Growing Network
  • Integrated Approach to Protecting ICS
  • Analytics through Network Monitoring
  • Gaining Visibility on Malware Attacks
  • The Wireless Edge
  • Benefits of Virtualization
  • Wireless Reshaping IT/OT Network
  • Virtualizing Network: Benefits, Challenges
  • Read More

Sending It Your Way

  • aeSolutions Security Blog
  • exida Explains
  • Joel Langill: SCADAhacker
  • [In] Security Culture
  • Eric Byres: Practical SCADA Security
  • Department of Homeland Security
  • Jim Cahill
  • Dale Peterson
  • Industrial Defender
  • Wurldtech
  • Read More

Side-Channel Hole for Intel Chips

Tuesday, November 6, 2018 @ 04:11 PM gHale

Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture can end up leaking encrypted data via a side channel attack.

CVE-2018-5407, also known as PortSmash, affects all CPUs that rely on SMT. By exploiting the vulnerability, an attacker could pull out vital like encryption keys from a computer’s memory or processor.

RELATED STORIES
Breaking Through Intel’s Security Wall
USB Drives Loaded with ICS-Based Malware
Russia Behind Triton Attack: Report
TUG: Safety System Attack ‘Slow Burn’

The issue was discovered by researchers at Tampere University of Technology in Finland, and Universidad Tecnológica de la Habana (CUJAE) in Cuba. By exploiting the vulnerability, they were able to steal an OpenSSL P-384 private key from a TLS server.

“The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures,” said Billy Brumley from the Tampere University of Technology in a post. “More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.”

SMT technology makes it possible for multiple threads to execute simultaneously on a CPU core. Because of this malicious code could snoop into the code running on the other thread on the same core.

For the attack to be successful, the malicious process needs to run on the same physical core as the victim process.

The vulnerability has been verified on Intel’s Skylake and Kaby Lake processors.



Leave a Reply

Click here to cancel reply.

You must be logged in to post a comment.

« Two Face Stolen Credit Card Charges
Pipeline Visibility Cuts Downtime »

  • Home
  • Eguide: Overcoming the Industrial Cyber Security Skills Gap
  • Register
  • View Spotlight Article
  • News
  • Profile
  • Research
  • User Profile
  • Events
  • Login
  • Lost Password
  • Training & Certification
  • Transactions
  • White Papers
  • Membership Details
  • Subscribe Now
  • About Us
  • Membership Contents
  • Archive
  • Sitemap
  • Careers
  • Government
  • Incidents
  • Industry Voices
  • Products and Services
  • Sending it Your Way
  • Technology Update
  • Views
Policies
Copyright © 2019 isssource.com