IT’S NOT A GOOD YEAR for CPU security as security boffins have discovered yet another side-channel vulnerability in Intel Skylake and Kaby Lake generation processors.
Named Portsmash, the vulnerability can exploit the Simultaneous Multithreading (SMT) capabilities in Intel’s processors and leak encrypted data from the CPU or the system’s memory if a malicious process is running simultaneously on a CPU core that’s executing a legitimate process.
The parallel processing that SMT facilitates means data can be leaked from the legitimate process and, over time, reconstructed so that an attacker can work out the encrypted data within the legitimate process.
The researchers, who hail from Finland’s Tampere University of Technology and Cuba’s Technical University of Havana, posted a proof-of-concept of a Portsmash exploit on GitHub.
“We recently discovered a new CPU microarchitecture attack vector,” the researchers explained. “The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures.”
“More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core,” they added.
While Portsmash is a side-channel attack, it isn’t the same as the Spectre CPU vulnerabilities found in Intel, AMD, and ARM chips earlier this year as it doesn’t mess with memory subsystems or caching, and doesn’t try to exploit speculative execution techniques found in modern chips.
The researchers are slated to post a paper breaking down the vulnerability, but in the meantime they advised users of Intel’s Skylake and Kaby Lake processors to disable the chips’ Hyper-Threading capabilities to mitigate the vulnerability.
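As an added example that is not from the article or the researchers' code: a Python check for the mitigation they recommended. It parses Linux /proc/cpuinfo (a constructed sample is embedded) to find logical processors that share a physical core, i.e. the SMT siblings on which a parallel process would share execution ports.

```python
"""Detect active SMT (Hyper-Threading) siblings from /proc/cpuinfo.

Added example, not the article's or the PortSmash project's code. A core
listed with more than one logical processor has SMT enabled, so a process
scheduled on the sibling thread shares that core's execution ports.
"""
from pathlib import Path


def _cpu(proc, core):
    # Constructed /proc/cpuinfo block: one package, 2 cores, 4 logical CPUs.
    return (f"processor\t: {proc}\nphysical id\t: 0\nsiblings\t: 4\n"
            f"core id\t: {core}\ncpu cores\t: 2\n")


SAMPLE_CPUINFO = "\n".join(_cpu(p, c) for p, c in [(0, 0), (1, 0), (2, 1), (3, 1)])


def parse_cpuinfo(text):
    """Return one dict of key/value fields per logical processor block."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        if "processor" in entry:
            entries.append(entry)
    return entries


def smt_siblings(entries):
    """Map (physical id, core id) to the sorted logical processors on that core."""
    cores = {}
    for e in entries:
        key = (e.get("physical id", "0"), e.get("core id", "0"))
        cores.setdefault(key, []).append(int(e["processor"]))
    return {k: sorted(v) for k, v in cores.items()}


def smt_active(entries):
    """True if any physical core exposes more than one hardware thread."""
    return any(len(v) > 1 for v in smt_siblings(entries).values())


def check_live_system(path="/proc/cpuinfo"):
    """Report on the running Linux host; None if the file is unavailable."""
    p = Path(path)
    if not p.exists():
        return None
    return smt_active(parse_cpuinfo(p.read_text()))
```

If `smt_active` reports True, the sibling threads listed by `smt_siblings` are the ones a kernel-level SMT disable (or core-isolation of sensitive workloads) would need to take offline.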
Intel has released a widely-reported statement about the research and suggested that other chips from other firms *cough* AMD *cough* could be affected.
“Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms,” said Intel.
“Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices.
“Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.”
Whether Portsmash proves to be a dangerous vulnerability in real-world terms has yet to be seen. But it doesn’t paint a great picture for SMT and Intel’s Hyper-Threading, and perhaps suggests that it’s time chip makers found new ways to get more performance out of their processors without risks to security.
Source: Inquirer