Researchers at the University of Texas have discovered, in collaboration with the University of Washington and the University of Illinois Urbana-Champaign, a new vulnerability that reportedly affects all modern AMD and Intel CPUs. The flaw is being referred to as “Hertzbleed” and is a new group of side-channel attacks. The meaning behind the name is that is allows hackers the ability to use frequency side channels to extract cryptographic keys from remote servers by taking advantage of dynamic frequency scaling and the timing of the process.
The security researchers stated that they were able to demonstrate how a clever attacker could leverage a novel chosen-ciphertext attack against SIKE. This would lead to performance of full key extraction via remote timing. Intel and AMD have both released advisories addressing the vulnerability and confirming that the processors were susceptible to the attacks. The researchers believe that despite the statements no patches will be released. Users should exercise caution and follow Intel’s guidance on how to harden their libraries to protect against the flaw.
Read More: US Researchers Spot New Hertzbleed Flaw Affecting AMD and Intel CPUs