Hertzbleed exposes computers' secret whispers

Hertzbleed exposes computers’ secret whispers

Hertzbleedis the name for a vulnerability that can be used to obtain cryptographic keys and other secret data from Intel and AMD CPUs, remotely. It works by monitoring changes in power consumption, which can be deduced by the careful timing of known workloads, thanks to a processor power saving feature called dynamic voltage and frequency scaling (DVFS).

A remote DVFS side channel

DVFS describes the adjustment of power and speed settings on a computer’s various processors, controller chips, and peripheral devices. By throttling the speed of the chips, DVFS can prolong battery life and reduce cooling costs.

When CPUs process data, transistors are switched on and off depending on the data being processed. Switching transistors uses energy. Consequently, running the same workload with different data may change the CPU’s power consumption.

Those differences trigger changes in the frequency set by DVFS. Which means the same program will run at a different frequency if the input is different—even if it is just slightly different. Those frequency changes can be deduced by monitoring the time it takes for a server to respond to specific, carefully made queries.

This allows an attacker with a stopwatch and enough datapoints to perform a “side-channel” attack and infer the data the CPU was processing. (A side-channel attack is an attack based on information that can be observed because of the way a computer protocol or algorithm is implemented.)

Vulnerability or feature?

DVFS is a useful feature of modern processors. But like some other useful features of modern processors, it turns out to have a security downside. In this case, the downside has been assigned two CVEs:

  • CVE-2022-23823: A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
  • CVE-2022-24436: Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

Hertzbleed affects all Intel and several AMD processors. Other processor vendors which also implement frequency scaling in their products may be affected.

Should I worry?

As with many threats, the risk you are running very much depends on your threat model. If you are working with highly confidential data, and there is reason to believe that advanced threat actors might be after that data, then you may have a reason to worry about it. For anyone else, it’s something to be aware of, but not necessarily something you need to act upon.

It is a known fact that threat actors can extract secret cryptographic data from a chip by measuring the power it consumes while processing cryptographic keys and other secret data. But the means for exploiting power-analysis attacks against microprocessors has always been limited because the threat actors had few viable ways to remotely measure power consumption while processing the secret material.

Hertzbleed reduces the requirements. Making power side-channel attacks into timing attacks that can be done remotely. But it will still take many hours and some level of proximity to recover a full cryptographic key. For example, the proof-of-concept attack took 36 to 89 hours to recover a full secret key from a system on the same network.

Most cybercriminals aren’t going to bother with Hertzbleed and will continue to rely on phishing, Word macros, skimmers, and other well worn tricks, but that doesn’t mean that advanced, well-resourced threat actors won’t.

According to Intel, who held the research results under embargo but decided not to deploy any patches:

“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment.”

Mitigation

There are ways to disable the features that make Hertzbleed possible, but it will come at a price: Your system will be considerably slower. You would have to disable what Intel calls “Turbo Boost”, and AMD calls “Turbo Core” or “Precision Boost”. For more information, you can read the official security advisories by Inteland AMD.

The preferable way to mitigate is to deal with the vulnerability in the code of programs that handle cryptographic ciphers and other confidential data. Hertzbleed shows that current industry guidelines for how to write constant-time code (such as Intel’s) are insufficient to guarantee constant-time execution on modern processors. So improvements in that field will be necessary.

Stay safe, everyone!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.