Thursday, May 23, 2024
HomeCyber CrimeNew Hertzbleed Attack Impacts Almost All Modern Intel and AMD Processors

New Hertzbleed Attack Impacts Almost All Modern Intel and AMD Processors

A novel side-channel exploit that allows remote attackers to obtain entire cryptographic keys has been discovered. They do so by detecting changes in CPU frequency, which Dynamic Voltage and Frequency Scaling allows them to accomplish (DVFS).

A novel side-channel attack has been discovered

The Hertzbleed attack in current Intel and AMD CPUs was discovered by a group of researchers from several institutions.

The attack takes use of Intel (CVE-2022-24436) and AMD (CVE-2022-24436) weaknesses (CVE-2022-23823).

It demonstrates that power side-channel attacks on current x86 CPUs can be transformed into remote timing assaults with no need for a power measurement interface.

Furthermore, the Hertzbleed attacks demonstrated that even when cryptographic code is designed correctly as “constant time,” it may still be exposed by remote timing analysis.

For the time being, no patch?

Microcode updates to combat this new category of side-channel assaults are unlikely to be released by Intel or AMD.

This flaw, according to Intel, affects all of their chips and may be exploited remotely in high-complexity attacks without the need for human input.

Hertzbleed impacts multiple AMD devices, including desktop, mobile, Chromebook, and server CPUs based on the Zen 2 and Zen 3 microarchitectures, according to AMD.

Hertzbleed might also harm ARM processors that use the frequency scaling capability. The researchers have yet to check if their proof-of-concept code works on these processors.

Mitigation

For the time being, there is no fix for the Hertzbleed attack. AMD and Intel, on the other hand, offer advice on how developers may safeguard their programme against frequency throttling data leakage. Experts also recommend removing the frequency increase option to protect against Hertzbleed attacks.

IEMA IEMLabs
IEMA IEMLabshttps://iemlabs.com
IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with ssyoutube.com
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us