[ad_1]
Security researchers in Finland and Cuba have discovered a secondary channel attack, called PortSmash, that affects Intel chips and could allow attackers to access encrypted data processed from a computer's processor. The vulnerability exists on chipsets that use a simultaneous multithreading (SMT) architecture. It could also affect AMD chips in addition to Intel chips with Hyper-Threading technology.
The researchers said they informed Intel of the vulnerability in early October, but the chip maker did not have a fix before the end of the month, the same day a validation code was posted on Github to show how the attack would work on the Intel architectures of Skylake and Kaby Lake.
For PortSmash to work, malicious code must be run on the same PC using the same processor core as the legitimate code. SMT and Intel's Hyper-Threading Technology allows codes to run simultaneously on separate threads using the same processor core. This offers greater efficiency because more code can be executed at the same time. However, code running on one thread can also observe what is happening on the other thread, and an attacker could use this behavior to inject malicious code in order to run in tandem with legitimate code in order to Listen to the processor. The malicious code will broadcast encrypted data bits that it has observed in the legitimate process, thus allowing an attacker to reconstruct the encrypted data from the leak.
"We are detecting a port conflict to build a time channel to extract information from processes running in parallel on the same physical kernel," Billy Brumley, research scientist at The Register, told The Register. Security and the author of the research paper.
Since then, Intel has responded to the findings of Brumley and his team, pointing out that the problem was not related to vulnerabilities already widely known, such as Specter or Meltdown.
"We do not expect this to be specific to Intel platforms," Intel said. "Research on side channel analysis methods often focuses on manipulating and measuring features, such as synchronization, of shared hardware resources. Software or software libraries can be protected against such problems by using secure development practices by the secondary channels. Protecting our customers' data and ensuring the safety of our products is a top priority for Intel and we will continue to work with our customers, partners and researchers to understand and mitigate all identified vulnerabilities. "
Brumley noted that for PortSmash to work, malicious code must be run on the same processor as the target machine. The Brumley team has not tested PortSmash on AMD processors, but it is expected to determine if the same type of attack can occur in the future.
Source link
