[Update: Intel Responds] Yet Another Side-Channel Vulnerability Discovered – Verified on Skylake and Kaby Lake
Intel doesn't seem to be catching a break... Security researchers have now discovered another chip flaw that could allow attackers to leak encrypted processor data. Dubbed PortSmash, the attack has been verified by the researchers on Intel Skylake and Kaby Lake processors; however, they suggest that all CPUs that use a Simultaneous Multithreading (SMT) architecture are affected.
SMT allows multiple computing threads to be executed in parallel on a single CPU core. With this flaw, an attacker can run a malicious process alongside legitimate processes on the same core, using the architecture's parallel thread execution, and that malicious process can then exfiltrate data from the legitimate processes sharing the core.
Four academics from the Tampere University of Technology in Tampere, Finland, along with a researcher from the Universidad Tecnológica de la Habana (CUJAE) in Habana, Cuba, have posted a proof-of-concept of this new side-channel attack on GitHub.
"We recently discovered a new CPU microarchitecture attack vector," the researchers wrote. "The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures."
"More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core."
The proof-of-concept code currently available on GitHub can be used to run the PortSmash attack on Intel Skylake and Kaby Lake out of the box. "For other SMT architectures, customizing the strategies and/or waiting times in spy is likely needed," the researchers said. As for the impact on AMD systems, the research team told ZDNet that they strongly suspect AMD CPUs are also affected.
As potential fixes, the research team suggested to "disable SMT/Hyper-Threading in the bios" and "upgrade to OpenSSL 1.1.1 (or >= 1.1.0i)".
This latest discovery is one of the first results of the "SCARE: Side-Channel Aware Engineering" research project funded by the European Research Council, which aims to find and mitigate new side-channel attacks. The vulnerability is tracked as CVE-2018-5407; the researchers went public with their discovery yesterday. Intel was notified of the vulnerability last month but has yet to respond to this new attack or to any possible fixes.
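A check for the two mitigations the researchers list (SMT disabled, OpenSSL at or above 1.1.0i), added here as an example rather than code from the researchers, Wccftech or Intel. It assumes a Linux host that exposes the kernel's SMT switch at /sys/devices/system/cpu/smt/active and an `openssl version` string of the "OpenSSL x.y.z[letter]" form shown in the comments:

```shell
#!/bin/sh
# Added mitigation check; not code from the PortSmash researchers, Wccftech
# or Intel. Assumes Linux (sysfs SMT switch, kernel 4.19+) and an OpenSSL
# version string such as "OpenSSL 1.1.0h  27 Mar 2018" (constructed sample).

# Return 0 if an `openssl version` string is >= 1.1.0i (1.1.1 and later also
# pass), else 1. Pre-1.1.1 releases use a trailing letter as the patch level
# (1.1.0h < 1.1.0i), so that letter is compared rather than discarded.
openssl_version_ok() {
    set -- $1                       # split the string into words
    ver=$2                          # e.g. 1.1.0h
    num=${ver%%[a-z]*}              # 1.1.0 (numeric part)
    letter=${ver#"$num"}            # h (empty for 1.1.1 or 3.x)
    oldifs=$IFS; IFS=.
    set -- $num                     # 1 1 0
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ] && return 0
    if [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] && [ "$patch" -eq 0 ]; then
        case $letter in [i-z]) return 0 ;; esac   # 1.1.0i .. 1.1.0z
    fi
    return 1
}

# Print 1 (SMT on), 0 (SMT off) or "unknown" from the sysfs switch.
smt_active() {
    f=/sys/devices/system/cpu/smt/active
    [ -r "$f" ] && cat "$f" || echo unknown
}

report() {
    case $(smt_active) in
        1) echo "SMT/Hyper-Threading is ACTIVE: sibling threads share execution ports" ;;
        0) echo "SMT/Hyper-Threading is disabled" ;;
        *) echo "SMT state unknown here; check 'Thread(s) per core' in lscpu" ;;
    esac
    if command -v openssl >/dev/null 2>&1; then
        v=$(openssl version)
        if openssl_version_ok "$v"; then
            echo "OpenSSL is at or above 1.1.0i: $v"
        else
            echo "OpenSSL predates the 1.1.0i fix, upgrade: $v"
        fi
    else
        echo "openssl binary not found; check the library version another way"
    fi
}

report
```

The version check covers only the command-line `openssl` binary; statically linked or vendored copies of libcrypto in other programs need to be checked separately.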
[Update]: Intel responds to the latest security flaw
In an emailed statement to Wccftech, an Intel spokesperson said the company believes the issue isn't unique to Intel platforms. Here's the full statement:
“Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.”
- A research paper detailing the latest vulnerability is expected to be published soon. We will update this space when it's made available to the public.