Intel processors are facing a new vulnerability. This enables attackers to leak encrypted data from the CPU’s internal processes. The vulnerability was named PortSmash and was discovered by a team of five academics from Finland and Cuba.
The researchers state that every CPU is designed with a Simultaneous Multithreading (SMT) architecture and is related to its vulnerability. This allows a computer to perform multiple calculations on a processor at the same time. According to the investigators, PortSmash is a side-channel attack.
Side-channel attack PortSmash
A side-channel attack leaks encrypted data from a computer’s memory or CPU. The attack does this by recording and analyzing multiple cases of a CPU. Think of the moments when a device is active. But also the power consumption and electromagnetic leaks. In this way, an attacker can break encryption keys and capture the data from a CPU.
In addition to the legitimate processes, PortSmash also runs a malware process. It does this by using the SMT capabilities that allow multiple processes to run simultaneously. The PortSmash process then steals small amounts of data from the legitimate processes, allowing an attacker to recover the encrypted data.
AMD also vulnerable?
It’s not quite certain yet, but the research team tells ZDNet that it thinks AMD systems are also vulnerable. We are exploring the possibilities of PortSmash for other architectures with SMT, especially AMD Ryzen systems, according to the researchers. They then stated that AMD CPUs are very likely to be affected as well.
As far as the researchers are concerned, developers should stop using SMT processes altogether. Security and SMT are mutually exclusive, the researchers tell us. Their hope is that users will disable SMT in the BIOS or simply stop purchasing SMT architecture.
In a statement, Intel writes that the PortSmash vulnerability is in any case not related to Spectre, Meltdown or the L1 Terminal Fault. We expect that it will also affect other platforms. The company believes that the development of SMT can continue, but that safe development practices are needed. Protecting consumer data and protecting our products remains a top priority.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.