The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the listing of other unsafe side-channel vulnerabilities discovered inwards the yesteryear year, including Meltdown as well as Spectre, Foreshadow.
Discovered yesteryear a squad of safety researchers from the Tampere University of Technology inwards Republic of Finland as well as Technical University of Havana, Cuba, the novel side-channel vulnerability resides inwards Intel's Hyper-Threading technology, the company's implementation of Simultaneous MultiThreading (SMT).
Simultaneous MultiThreading is a performance characteristic that industrial plant yesteryear splitting upwards each physical substance of a processor into virtual cores, known every bit threads, allowing each substance to run 2 didactics streams at once.
Since SMT runs 2 threads inwards 2 independent processes with each other inwards the same physical substance to boost performance, it is possible for 1 procedure to run across a surprising total of what the other is doing.
"We late discovered a novel CPU microarchitecture assault vector. The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architectures," the squad says.
"More specifically, nosotros uncovering port contestation to build a timing side channel to exfiltrate information from processes running inwards parallel on the same physical core."
Thus, an assailant tin run a malicious PortSmash procedure with a selected victim procedure on the same CPU core, allowing the PortSmash code to snoop on the operations performed yesteryear the other procedure yesteryear measurement the precise fourth dimension taken for each operation.
PortSmash Attack to Steal OpenSSL Decryption Keys
As a proof-of-concept released on Github, researchers tested the PortSmash assault against OpenSSL (version <= 1.1.0h) cryptography library as well as were successfully able to bag the soul decryption key using a malicious procedure (exploit) running on the same physical substance every bit the OpenSSL thread (victim).
While the PortSmash assault has been confirmed to occur Intel's Kaby Lake as well as Skylake processors at this moment, researchers "strongly suspected" the assault to occur other SMT architectures, including AMD's, with about modifications to their code.
In August this year, afterwards TLBleed as well as ForeShadow attacks were unveiled, Theo de Raadt, the founder of OpenBSD as well as leader at OpenSSH projects, advised users to disable SMT/Hyperthreading inwards all Intel BIOSes.
"SMT is fundamentally broken because it shares resources betwixt the 2 CPU instances as well as those shared resources lack safety differentiators," Theo said.
He too suspected that "there volition hold upwards to a greater extent than hardware bugs as well as artifacts disclosed. Due to the agency SMT interacts with speculative execution on Intel CPUs, I human face SMT to exacerbate almost of the futurity problems."
How to Protect Your Systems Against PortSmash Attack
Researchers reported the novel side-channel vulnerability to Intel safety squad early on final month, only when the companionship failed to render the safety patches until 1 November, the squad went world with the PoC exploit.
The squad has too promised to liberate detailed newspaper on the PortSmash attack, titled Port Contention for Fun as well as Profit, inwards the coming days.
The uncomplicated gain for the PortSmash vulnerability is to disable SMT/Hyper-Threading inwards the CPU chip's BIOS until Intel releases safety patches. OpenSSL users tin upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if yous are looking for patches).
In June this year, the OpenBSD projection disabled Intel's Hyper-Threading to preclude its users from previously disclosed Spectre-class attacks, every bit good every bit futurity timing attacks.
AMD is investigating the PortSmash side-channel vulnerability written report to know whatever potential AMD production susceptibility.
