A group of researchers from the University of Texas, University of Illinois, and the University of Washington have found a new vulnerability in modern AMD and Intel Processors. They dubbed the flaw Hertzbleed, as it uses frequency side channels to extract cryptographic keys from remote servers.
Experiments launched by the researchers from the three said educational institutions say that under certain circumstances dynamic frequency scaling feature is linked to the data processing feature in modern x86 processors. And because of this fault, the security of cryptography software becomes a threat as it gives an opportunity to use a novel chosen -cipher-text attack against SIKE- Supersingular Isogeny Key Encapsulation to perform full key extraction on a remote note.
Intel and AMD have issued an advisory on this note saying most of their processors were susceptible to Hertzbleed attacks.
Both companies have also announced the release of microcode patches to mitigate the risks raised by Hertzbleed.
Intel has taken a step ahead by issuing guidance to cryptographic developers to harden their libraries and applications against Hertzbleed attacks.
NOTE 1- In the past few years, both Intel and AMD have hit news headlines for products exhibiting different vulnerabilities. However, they always ensured that their customers never fall prey to hackers by issuing patches and updates from time to time.
NOTE 2- A white paper detailing Hertzbleed will be published at the ‘31st USENIX Security Symposium’ that is to be held in Boston between August 10-12 of 2022.