News Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys

mavroxur

Distinguished
Feb 8, 2009
1,499
6
19,465
58
This seems like such a niche vulnerability. It would require extreme precision current monitoring of the CPU itself at a very, very high sampling rate. I mean, if someone comes to my door with lab equipment wanting me to hook it up to my system, I'd personally be a little suspect.....
 

Alvar "Miles" Udell

Respectable
Apr 1, 2020
602
328
2,260
0
Naturally, the most direct method of stopping the attack is to disable Turbo Boost (Intel) or Precision Boost (AMD) entirely, but that has a tremendous performance impact.
Which is false. Manual overclocking has positive multicore performance improvements while carrying a minimal to zero single thread performance penalty, and I can say this from experience with the Ryzen 1800X and 3700X, both on a Crosshair VI Hero WiFi, and my current 5950X on an X570S Aorus Master. None of those CPUs ever came close to the all core boost I obtained by overclocking, and none of them ever hit their advertised boost speed under a single core load despite removed limits and liquid cooling.
 

HyperMatrix

Distinguished
May 23, 2015
94
65
18,610
0
Intel and groups of researchers divulged the 'Hertzbleed' chip vulnerability that allows stealing cryptographic keys by observing the CPU's boost frequency mechanism.

Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys : Read more
You can also avoid this without a performance loss by disabling speed shift and turbo stepping. I currently have my CPU running at max clocks without any boosting. So maintains max clocks even at idle. I didn’t do it because of this vulnerability, but rather due to overclock stability (V/F curve instability with higher clocks/manual voltage).
 

rluker5

Distinguished
Jun 23, 2014
160
63
18,660
0
My 12700k's mild 24/7 oc has 4 cores that go to 5.1, 1 to 5.0, 3 to 4.9 and 4 more to 3.9. Which also varies on temp (TVB+2) and # of cores loaded.
How precise does this information have to be? I imagine my derived timings would be pretty hazy.
 

setx

Distinguished
Dec 10, 2014
101
57
18,660
0
Just disabling Turbo or setting all cores to the fixed multiplier won't make it run at constant speed. Remember that you have other power-related technologies like C-states and power/thermal throttling and you definitely don't want to turn them off in a realistic system (and is it even possible on modern CPUs?)
 

shady28

Distinguished
Jan 29, 2007
293
147
18,890
6
Seriously, I think a lot of these "security researchers" publish this stuff to try to look like they're doing something useful.

I mean, no kidding if someone can install software to and get direct physical access to your computer to hook up monitoring and data collection tools, they can 'hack' it.

Virtually no computer crimes are committed this way, it's almost always social engineering be that a phone call, text message, or email.
 

HyperMatrix

Distinguished
May 23, 2015
94
65
18,610
0
Just disabling Turbo or setting all cores to the fixed multiplier won't make it run at constant speed. Remember that you have other power-related technologies like C-states and power/thermal throttling and you definitely don't want to turn them off in a realistic system (and is it even possible on modern CPUs?)
Power and thermal throttling only happens if you exceed those limits. I have my 12900k locked at 5.3GHz all core. These are 24/7 clocks. No issues whatsoever. And no drops according to cpu-z even under 320W AVX loads.
 

rluker5

Distinguished
Jun 23, 2014
160
63
18,660
0
Seriously, I think a lot of these "security researchers" publish this stuff to try to look like they're doing something useful.

I mean, no kidding if someone can install software to and get direct physical access to your computer to hook up monitoring and data collection tools, they can 'hack' it.

Virtually no computer crimes are committed this way, it's almost always social engineering be that a phone call, text message, or email.
I bet with this vulnerability, to get it to work well enough to get results on a non idle pc, you still need admin privileges and likely physical access to get around things like UAC control. I also thought browsers already were patched with low precision timing right when stuff like this came out with meltdown and the first spectre.
Power and thermal throttling only happens if you exceed those limits. I have my 12900k locked at 5.3GHz all core. These are 24/7 clocks. No issues whatsoever. And no drops according to cpu-z even under 320W AVX loads.
Apparently some people do want to disable c-states. They forgot to add your choice in the mitigation summary table with full mitigation effectiveness and positive performance impact :p
 
Reactions: shady28

setx

Distinguished
Dec 10, 2014
101
57
18,660
0
Why people think what they do at home is relevant to the real world of server & corporate hardware? Those vulnerabilities are mainly headache for them as they have to provide the guarantees.
 

thisisaname

Distinguished
Feb 6, 2009
337
127
18,860
0
Intel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.
If you have the access to the hardware this needs then there are easier way to get data off the system.
 
Reactions: shady28
If I were to guess: Incorrect key guesses take longer the further you off from the multi part key. Thus the boost speed will be longer. A partially correct key takes less time. As sampling can vary wildly you would have to run multiple passes to ensure the results are consistent.
 

tommo1982

Distinguished
Dec 5, 2010
92
40
18,560
0
Wouldn't it cause higher CPU usage to begin with? It'd require to sample whatever it need at fast intervals and that causes CPU usage to go up. Also, is the voltage regulator in a CPU able to provide it with accurate data?

On a side note. I skip almost all articles about Meltdwon/Spectre like vulnerabilities. So many require sophisticated equipment or access to the system. It's easier to steal my passwords by fake email.
 

ASK THE COMMUNITY

TRENDING THREADS