New side-channel flaw in Intel CPUs could allow hackers to steal sensitive data

A new serious side-channel vulnerability has been discovered in Intel CPUs by a team of security researchers. The flaw could enable malicious actors to access processes that are running in the same CPU core with simultaneous multithreading technology and steal sensitive information, such as passwords or cryptographic keys.

Vulnerability in Intel

PortSmash vulnerability tracked as CVE-2018-5407

The discovered flaw was dubbed as PortSmash and can be tracked as CVE-2018-5407.[1]

It is another serious side-channel vulnerability tracked in the past year, together with Meltdown and Spectre, TLBleed and Foreshadows.

This new flaw resides in Intel’s Hyper-Threading technology as Intel implements simultaneous multithreading also known as SMT. Simultaneous Multithreading[2] is a technique used to improve the overall efficiency of superscalar CPUs with hardware multithreading and it works by splitting up each physical core of a processor into virtual cores also called threads. The SMT process allows each threat to run two instruction streams at once.

PortSmash has been discovered by a group of security researchers at the Tampere University of Technology in Finland and Technical University of Havana in Cuba.

We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architectures.

More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.

A malicious actor could apply a malicious PortSmash process alongside its targeted process on the same CPU core. As a result, the PortSmash vulnerability enables the code to access the operations performed by the other process.

PortSmash Vulnerability allows hackers to steal OpenSSL Decryption Keys

The researchers also provide the proof-of-concept[3] testing the vulnerability against OpenSSL cryptography library. The PoC illustrated how hackers can steal the private decryption key exploiting a process that runs on the same physical core as the OpenSSL thread.

The PortSmash vulnerability has been confirmed on Intel Kaby Lake and Skylake processors. However, the PortSmash attack is also suspected to be working on other SMT architectures, such as AMD’s with some adjustments on the code.

Protect your system against PortSmash attack

The PortSmash vulnerability has been reported to Inter security team in October. However, Intel has not provided the patch until November, that is why the PoC was revealed publicly.

The security team provides users with the simple fix  Disable SMT/Hyper-Threading in the CPU chip’s BIOS until the company releases patches. In addition, those who use OpenSSL can upgrade to OpenSSL 1.1.0 or later.

About the author
Linas Kiguolis
Linas Kiguolis - Senior IT developer

Linas Kiguolis is a senior IT developer and news editor at Reviewedbypro.com. He has a major in Applied Computer Science because IT has been his passion for a very long time even before he went to college.

Contact Linas Kiguolis
About the company Esolutions

References
The world’s leading VPN
News
Subscribe
Privacy
Security
Recovery