Intel and AMD chips have another serious security flaw to worry about

Can cryptographic keys and other data be stolen directly from the hardware?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Chips fromIntelandAMD, as well as processors from other manufacturers, may be susceptible to a new type of attack which could allow threat actors to steal cryptographic keys and other data directly from theendpoint’shardware.

A team of security researchers, including Riccardo Paccagnella of the University of Illinois Urbana-Champaign, set out to investigate the idea of extracting cryptographic data from a chip by measuring the power consumed during data processing. It’s a relatively old theory that’s been proven inviable in practice, due to the inability to measure power consumption remotely.

But the researchers managed to give the idea a new twist, by turning the attack into a different type of side-channel exploit, and this one is a lot more viable.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

Intel plays down the flaw

As it turns out, through dynamic voltage and frequency scaling (DVFS), attackers can track the time the server takes to respond to specific queries, effectively allowing them to spot changes in power consumption. It’s a relatively simple thing, researchers said. They’ve dubbed the vulnerability Hertzbleed, and it’s since being tracked as CVE-2022-24436 for Intel devices, and CVE-2022-23823 for AMD.

While they managed to successfully reproduce the attack on Intel chips from 8th to 11th generation, they’re also saying it works on Xeon, as well as Ryzen chips.

But Intel is having none of it. Responding to the findings, the company’s Senior Director of Security Communications and Incident Response Jerry Bryant, wrote that the idea is not practical outside the lab.

Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability>Keeping your CPU safe from Spectre imposes serious performance penalty>New Meltdown and Spectre exploits have been built, but aren’t in the wild… yet

“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment. Also note that cryptographic implementations that are hardened against power side-channel attacks are not vulnerable to this issue.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The chip manufacturers won’t be updating their chips,Ars Technicafound, and will instead endorse changesMicrosoftand Cloudflare made to their PQCrypto-SIDH and CIRCL cryptographic code libraries.

Via:Ars Technica

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

ChatGPT just got easier to find when you’re searching for something