Vulnerability on Intel and AMD CPUs allows stealing crypto keys
The problem was detected on Intel chips for desktops and laptops from 8 to 11 generations based on the Core microarchitecture, as well as on AMD Ryzen chips based on the Zen 2 and Zen 3 architecture.
Researchers at the University of Texas at Austin, the University of Illinois at Urbana-Champaign and the University of Washington reported that attackers can use a vulnerability called Hertzleed to gain access to private keys in cryptographic libraries.
Hertzleed attack is a new type of attack on third-party channels, based on the features of dynamic frequency control. The Hertzbleed attack analyzes the dynamic frequency at different workloads and breaks the encryption by picking and manipulating the encrypted text.
Dynamic voltage and frequency scaling (DVFS) is a power-saving technique. However, attackers can calculate the difference in power consumption by analyzing server response times for certain requests.
“In the worst case, these attacks allow access to cryptographic keys on remote servers by analyzing the computation time of cryptographic libraries. Such libraries used to be considered tamper-proof.”
Subscribe to our Telegram channel for the most relevant, interesting, and informative news from the crypto industry.