Why it's important: PortSmash is a dangerous side-channel vulnerability that exploits simultaneous multithreading to steal cryptographic keys and determine what a processor core is doing. Although it has so far only been confirmed to work on Intel's Kaby Lake and Skylake platforms, it is "strongly suspected" to work on all hyperthreading processors, including those from AMD.
Simultaneous multithreading (SMT) creates two logical cores for each physical core, but each logical core can see a surprising amount of what the other is doing. PortSmash-based malware is designed to run on the logical core parallel to the one running the legitimate, targeted process. It records the data leaking from the legitimate process (mainly operation timings) and then reconstructs what the other core is doing. It is suspected of being able to steal a variety of information, but it is more effective at recovering cryptographic keys because of the way the processor calculates them.
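Why key-handling code is the most exposed, as an added example (not from the article, the PortSmash proof of concept or OpenSSL's patch): a toy modular exponentiation whose instruction stream depends on the secret exponent, beside a Montgomery-ladder version that does the same work for every key bit. The function names, the 32-bit key width, the sample base and modulus, and the multiply counter standing in for observable execution-unit activity are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#define BITS 32                 /* toy key width, constructed for this example */
static unsigned long op_count;  /* multiplies issued: stand-in for execution-unit activity */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    op_count++;
    return (a * b) % m;  /* toy: needs m < 2^32; % is not guaranteed constant-time */
}

/* Leaky: the extra multiply runs only for 1-bits of the secret exponent k. */
uint64_t modexp_branchy(uint64_t g, uint32_t k, uint64_t m) {
    uint64_t r = 1 % m;
    for (int i = BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((k >> i) & 1)
            r = mulmod(r, g % m, m);
    }
    return r;
}

/* Branch-free conditional swap: mask is all ones when bit == 1, else zero. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t t = (*a ^ *b) & ((uint64_t)0 - bit);
    *a ^= t; *b ^= t;
}

/* Montgomery ladder: one multiply and one square per bit, whatever its value. */
uint64_t modexp_ladder(uint64_t g, uint32_t k, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = g % m;
    for (int i = BITS - 1; i >= 0; i--) {
        uint64_t bit = (k >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        cswap(&r0, &r1, bit);
    }
    return r0;
}

unsigned long ops_used(uint64_t (*f)(uint64_t, uint32_t, uint64_t), uint32_t k) {
    op_count = 0;
    (void)f(5, k, 1000003);  /* constructed base and modulus */
    return op_count;
}

int main(void) {
    printf("branchy %lu/%lu ladder %lu/%lu\n", ops_used(modexp_branchy, 1), ops_used(modexp_branchy, 0xFFFFFFFFu), ops_used(modexp_ladder, 1), ops_used(modexp_ladder, 0xFFFFFFFFu));
    return 0;
}
```

An identical operation count for every key is necessary but not sufficient: production code also needs constant-time field arithmetic and a check that the compiler has not reintroduced a branch.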
TLBleed, revealed in June, was a very similar vulnerability that also uses simultaneous multithreading (SMT) as a weak point. It allowed a 256-bit cryptographic key to be determined in just over 17 seconds using only two milliseconds of data. PortSmash may or may not be slower, but it is potentially even more versatile.
"PortSmash is extremely portable and its preconditions for execution are minimal, that is to say that it requires no knowledge of cache lines, expulsion sets, machine learning techniques and reverse engineering techniques. PortSmash certainly does not need root privileges," said Billy Bob Brumley, a PortSmash researcher, in a blog post. "Just from user space."
Brumley, along with his team of four other researchers from Finnish and Cuban universities, believes that server infrastructure could suffer the most. "Personally, I think remote connection scenarios are the biggest targeted threat," he said. For example, when a malicious user connects to a website, they could use PortSmash to determine the cryptographic key used by the site. They could then hack the server and steal its data.
There is no need to panic for the moment. OpenSSL, the cryptography library used by over 60% of Internet users, has already released a patch that blocks this direct method of attack. A more generalized patch may be coming soon, they say, but security researchers say something needs to be done about the hardware and the BIOS. They informed Intel of the vulnerability on October 1st.
Unfortunately, Intel will not comply.
"This problem does not depend on a speculative run and is therefore not related to Spectre, Meltdown or an L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side channel analysis methods often focuses on manipulating and measuring features, such as synchronization, of shared hardware resources. Software or software libraries can be protected against such problems by using secure development practices by the secondary channels. Protecting our customers' data and ensuring the safety of our products is a top priority for Intel and we will continue to work with our customers, partners and researchers to understand and mitigate all identified vulnerabilities."
Basically, Intel is saying that libraries such as OpenSSL should be able to prevent security breaches themselves. AMD is still reviewing its position.
"At AMD, security is a top priority and we work continuously to ensure the safety of our users against new risks. We are studying the PortSmash Lateral Channel Vulnerability Report, which we have just received, to understand any potential sensitivity to AMD products."
Brumley and his team argue that ending hyperthreading is simply the only way to stay safe. Even if PortSmash is not the vulnerability that gets computers breached around the world, another multithreading vulnerability will be, they say. "That's the main reason why we've released this feat – to show how reproducible it is," Brumley told ZDNet, "and help eliminate the trend of SMT (Simultaneous Multi-Threading) chips. Security and SMT are mutually exclusive concepts. I hope that our work encourages users to disable SMT in the BIOS or to choose to spend their money in architectures that do not have SMT."
Losing simultaneous multithreading would be extremely damaging to performance and ridiculously expensive for companies. It's safe to say that this will never happen, at least in the server space. Brumley admits that other approaches could be implemented in future processors and operating system upgrades, but indicates that these will continue to have a significant impact on performance and will be costly.
If you want to play with PortSmash (not recommended), the researchers have published a proof of concept on GitHub. It is able to steal an OpenSSL P-384 private key from a TLS server running a version of OpenSSL that has not yet been updated to version 1.1.1.
A detailed paper on the subject, entitled "Port Contention for Fun and Profit," will be available in the coming days. It remains to be seen whether PortSmash and other hyperthreading vulnerabilities will cut the Internet's resources in half. Personally, I have faith in Intel's decision not to put in place hardware protections – their income is so much at risk that they would not want to ignore a problem if it was so serious.
However, for the average user, standard malware remains a much more concerning issue and the PortSmash vulnerability is easily avoided by not downloading suspicious files.