Side-Channel Hole for Intel Chips
Tuesday, November 6, 2018 @ 04:11 PM gHale
Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture can end up leaking encrypted data via a side-channel attack.
CVE-2018-5407, also known as PortSmash, affects all CPUs that rely on SMT. By exploiting the vulnerability, an attacker could pull out vital data such as encryption keys from a computer’s memory or processor.
The issue was discovered by researchers at Tampere University of Technology in Finland, and Universidad Tecnológica de la Habana (CUJAE) in Cuba. By exploiting the vulnerability, they were able to steal an OpenSSL P-384 private key from a TLS server.
“The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures,” said Billy Brumley from the Tampere University of Technology in a post. “More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.”
SMT technology makes it possible for multiple threads to execute simultaneously on a CPU core. Because of this, malicious code could snoop on the code running on the other thread on the same core.
For the attack to be successful, the malicious process needs to run on the same physical core as the victim process.
The vulnerability has been verified on Intel’s Skylake and Kaby Lake processors.
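Because the attack depends on sharing a physical core, a defender can start by mapping which logical CPUs are SMT siblings. The following is an added example, not code from the researchers or the article; it assumes a Linux host exposing `thread_siblings_list` under sysfs, and the function names, the "sensitive CPU" set and the sample topology are constructed for illustration.

```python
import glob
import re

# Linux sysfs file listing the logical CPUs that share one physical core.
SYSFS_GLOB = "/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"

# Constructed sample: 4 cores, 8 threads, sibling pairs (0,4) (1,5) (2,6) (3,7).
SAMPLE = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}


def parse_cpu_list(text):
    """Expand a kernel CPU list such as '0,4' or '2-3,10' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus


def smt_siblings(entries):
    """Map each logical CPU to the other logical CPUs on its physical core."""
    return {cpu: sorted(parse_cpu_list(text) - {cpu}) for cpu, text in entries.items()}


def exposed_cpus(entries, sensitive):
    """Logical CPUs outside `sensitive` that share a core with a CPU inside it.

    Untrusted code scheduled on any returned CPU would be co-resident with the
    workload pinned to the `sensitive` set (an assumption of this example).
    """
    sib = smt_siblings(entries)
    return sorted({s for cpu in sensitive for s in sib.get(cpu, []) if s not in sensitive})


def read_sysfs():
    """Read the live topology; returns an empty dict where sysfs is unavailable."""
    entries = {}
    for path in glob.glob(SYSFS_GLOB):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            entries[cpu] = fh.read()
    return entries


if __name__ == "__main__":
    topo = read_sysfs() or SAMPLE  # fall back to the constructed sample
    for cpu, sibs in sorted(smt_siblings(topo).items()):
        print(f"cpu{cpu}: shares a core with {sibs or 'no other thread'}")
```

An empty sibling list for every CPU means SMT is off or unsupported; a non-empty result from `exposed_cpus` identifies the logical CPUs to reserve alongside the sensitive workload.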