A team of security researchers has discovered a new, serious side-channel vulnerability in Intel CPUs. The flaw could enable malicious actors to steal sensitive information, such as passwords or cryptographic keys, from processes running on the same CPU core when simultaneous multithreading is in use.
PortSmash vulnerability tracked as CVE-2018-5407
The flaw has been dubbed PortSmash and is tracked as CVE-2018-5407.
It is another serious side-channel vulnerability tracked in the past year, together with Meltdown and Spectre, TLBleed and Foreshadow.
This new flaw resides in Intel’s Hyper-Threading technology, which is Intel’s implementation of simultaneous multithreading, also known as SMT. Simultaneous multithreading is a technique used to improve the overall efficiency of superscalar CPUs with hardware multithreading, and it works by splitting each physical core of a processor into virtual cores, also called threads. SMT allows each thread to run two instruction streams at once.
PortSmash was discovered by a group of security researchers at the Tampere University of Technology in Finland and the Technical University of Havana in Cuba.
We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architectures.
More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.
A malicious actor could run a malicious PortSmash process alongside the targeted process on the same CPU core. As a result, the PortSmash code can infer the operations performed by the other process.
PortSmash Vulnerability allows hackers to steal OpenSSL Decryption Keys
The researchers also provided a proof of concept that tests the vulnerability against the OpenSSL cryptography library. The PoC illustrated how hackers can steal the private decryption key using a process that runs on the same physical core as the OpenSSL thread.
The PortSmash vulnerability has been confirmed on Intel Kaby Lake and Skylake processors. However, the PortSmash attack is also suspected to work on other SMT architectures, such as AMD’s, with some adjustments to the code.
Protect your system against PortSmash attack
The PortSmash vulnerability was reported to Intel’s security team in October. However, Intel did not provide a patch until November, which is why the PoC was revealed publicly.
The security team offers users a simple fix: disable SMT/Hyper-Threading in the CPU chip’s BIOS until the company releases patches. In addition, those who use OpenSSL can upgrade to OpenSSL 1.1.0 or later.
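One way to verify the mitigation on a Linux host, as an added example that is not from the original article or from the researchers: the script reads the kernel's sysfs CPU topology and reports whether any physical core still exposes more than one logical CPU. The sysfs paths are the standard Linux ones (smt/control is only present on kernels that provide it); the function names and the optional root-directory argument are this example's own assumptions.

```shell
#!/bin/sh
# Added example: check whether SMT/Hyper-Threading still exposes sibling threads.
# Each function takes an optional sysfs CPU root so it can be run against a
# constructed directory tree; the default is the live system.

# Print the kernel's SMT control state (on, off, forceoff, notsupported, ...).
smt_state() {
    root="${1:-/sys/devices/system/cpu}"
    if [ -r "$root/smt/control" ]; then
        cat "$root/smt/control"
    else
        echo "unknown"    # older kernel or non-Linux system
    fi
}

# Print each distinct set of logical CPUs that share one physical core.
sibling_groups() {
    root="${1:-/sys/devices/system/cpu}"
    for f in "$root"/cpu[0-9]*/topology/thread_siblings_list; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | sort -u
}

# Summarise exposure: a sibling list containing "," or "-" names more than one
# logical CPU, meaning two threads can be co-scheduled on that physical core.
portsmash_check() {
    root="${1:-/sys/devices/system/cpu}"
    sibs="$(sibling_groups "$root")"
    state="$(smt_state "$root")"
    if [ -z "$sibs" ]; then
        echo "UNKNOWN smt=$state (no topology data)"
    elif printf '%s\n' "$sibs" | grep -q '[,-]'; then
        echo "EXPOSED smt=$state"
        printf '%s\n' "$sibs" | grep '[,-]' | sed 's/^/  shared core: CPUs /'
    else
        echo "OK smt=$state"
    fi
}
```

Source the file and run portsmash_check with no argument to inspect the live system; an "OK" result after disabling Hyper-Threading in the BIOS confirms that no two logical CPUs share a core.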