- Apr 24, 2016
Intel and researchers from UT Austin, UIUC, and UW published papers today outlining the 'Hertzbleed' chip vulnerability that allows side-channel attacks that can steal secret AES cryptographic keys by observing the CPU's boost frequency/power mechanisms. According to external researchers, both Intel and AMD CPUs are impacted, but AMD hasn't issued an advisory yet. The vulnerability doesn't impact all cryptographic code, but some mitigation techniques for impacted systems come with as-yet-undefined performance penalties. Intel says it had found this vulnerability via internal security investigations, but external research teams later disclosed their findings to the company. Today's coordinated disclosure brings the issue into the public eye, but it is likely that CPUs from other vendors are also impacted.
Like all side-channel attacks, a Hertzbleed-based attack steals data by observing or exploiting a secondary effect of an operation on a system. In this case, by observing the power signature of any given cryptographic workload. As with most workloads, the power signature of a cryptographic workload varies due to the CPU's dynamic boost clock frequency adjustments during the workload. An attacker can convert that power information to timing data, allowing them to steal cryptographic keys. Cryptographic implementations that are already hardened against power side-channel attacks aren't susceptible to the Hertzbleed vulnerability.
The vulnerability impacts all Intel processors, and AMD Zen 2 and Zen 3, and can be exploited remotely — it doesn't require physical access. It has only been proven on Intel and AMD silicon. However, it should theoretically apply to almost all modern CPUs because it works by observing the power algorithms behind the Dynamic Voltage Frequency Scaling (DVFS) technique, a staple of modern processors. As such, this isn't a microarchitecture-specific attack — any processor with dynamic power and thermal management is potentially impacted. Intel says this has prompted it to share its findings with other chipmakers so they can assess any potential impact.
Intel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.