“Hertzbleed” Explota Intel y AMD Boost Frequencies para robar claves criptográficas


En 2017, el mundo de los semiconductores se sorprendió al descubrir nuevas vulnerabilidades en la tecnología Intel moderna, AMD, y procesadores Arm. Apodado Spectre y Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Hoy, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly calledHeartzbleed,” the new exploit can steal secret AES cryptographic keys when observing CPU’s boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload’s power varies according to the processor’s frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, y Zen 2 y Zen 3 atrápalos todos. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Además, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.