News Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys

[Admin]

Intel and groups of researchers divulged the 'Hertzbleed' chip vulnerability that allows stealing cryptographic keys by observing the CPU's boost frequency mechanism.

Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys : Read more

 

[mavroxur]

This seems like such a niche vulnerability. It would require extreme precision current monitoring of the CPU itself at a very, very high sampling rate. I mean, if someone comes to my door with lab equipment wanting me to hook it up to my system, I'd personally be a little suspect.....

 

[Alvar "Miles" Udell]

Naturally, the most direct method of stopping the attack is to disable Turbo Boost (Intel) or Precision Boost (AMD) entirely, but that has a tremendous performance impact.

Which is false. Manual overclocking has positive multicore performance improvements while carrying a minimal to zero single thread performance penalty, and I can say this from experience with the Ryzen 1800X and 3700X, both on a Crosshair VI Hero WiFi, and my current 5950X on an X570S Aorus Master. None of those CPUs ever came close to the all core boost I obtained by overclocking, and none of them ever hit their advertised boost speed under a single core load despite removed limits and liquid cooling.

 

[HyperMatrix]

Intel and groups of researchers divulged the 'Hertzbleed' chip vulnerability that allows stealing cryptographic keys by observing the CPU's boost frequency mechanism.

Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys : Read more

You can also avoid this without a performance loss by disabling speed shift and turbo stepping. I currently have my CPU running at max clocks without any boosting. So maintains max clocks even at idle. I didn’t do it because of this vulnerability, but rather due to overclock stability (V/F curve instability with higher clocks/manual voltage).

 

[JWNoctis]

So it's a rehash of the old timing attack.

Really don't need another Heartbleed right now.

 

[rluker5]

My 12700k's mild 24/7 oc has 4 cores that go to 5.1, 1 to 5.0, 3 to 4.9 and 4 more to 3.9. Which also varies on temp (TVB+2) and # of cores loaded.
How precise does this information have to be? I imagine my derived timings would be pretty hazy.

 

[setx]

Just disabling Turbo or setting all cores to the fixed multiplier won't make it run at constant speed. Remember that you have other power-related technologies like C-states and power/thermal throttling and you definitely don't want to turn them off in a realistic system (and is it even possible on modern CPUs?)

 

[shady28]

Seriously, I think a lot of these "security researchers" publish this stuff to try to look like they're doing something useful.

I mean, no kidding if someone can install software to and get direct physical access to your computer to hook up monitoring and data collection tools, they can 'hack' it.

Virtually no computer crimes are committed this way, it's almost always social engineering be that a phone call, text message, or email.

 

[HyperMatrix]

Just disabling Turbo or setting all cores to the fixed multiplier won't make it run at constant speed. Remember that you have other power-related technologies like C-states and power/thermal throttling and you definitely don't want to turn them off in a realistic system (and is it even possible on modern CPUs?)

Power and thermal throttling only happens if you exceed those limits. I have my 12900k locked at 5.3GHz all core. These are 24/7 clocks. No issues whatsoever. And no drops according to cpu-z even under 320W AVX loads.

 

[rluker5]

Seriously, I think a lot of these "security researchers" publish this stuff to try to look like they're doing something useful.

I mean, no kidding if someone can install software to and get direct physical access to your computer to hook up monitoring and data collection tools, they can 'hack' it.

Virtually no computer crimes are committed this way, it's almost always social engineering be that a phone call, text message, or email.

I bet with this vulnerability, to get it to work well enough to get results on a non idle pc, you still need admin privileges and likely physical access to get around things like UAC control. I also thought browsers already were patched with low precision timing right when stuff like this came out with meltdown and the first spectre.

Power and thermal throttling only happens if you exceed those limits. I have my 12900k locked at 5.3GHz all core. These are 24/7 clocks. No issues whatsoever. And no drops according to cpu-z even under 320W AVX loads.

Apparently some people do want to disable c-states. They forgot to add your choice in the mitigation summary table with full mitigation effectiveness and positive performance impact

 

[setx]

Why people think what they do at home is relevant to the real world of server & corporate hardware? Those vulnerabilities are mainly headache for them as they have to provide the guarantees.

 

[thisisaname]

Intel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.

If you have the access to the hardware this needs then there are easier way to get data off the system.

 

[digitalgriffin]

If I were to guess: Incorrect key guesses take longer the further you off from the multi part key. Thus the boost speed will be longer. A partially correct key takes less time. As sampling can vary wildly you would have to run multiple passes to ensure the results are consistent.

 

[Deleted member 431422]

Wouldn't it cause higher CPU usage to begin with? It'd require to sample whatever it need at fast intervals and that causes CPU usage to go up. Also, is the voltage regulator in a CPU able to provide it with accurate data?

On a side note. I skip almost all articles about Meltdwon/Spectre like vulnerabilities. So many require sophisticated equipment or access to the system. It's easier to steal my passwords by fake email.