A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling(DVFS).
This is possible because, on modern Intel(CVE-2022-24436) and AMD(CVE-2022-23823)X86 processors, the dynamic frequency scaling depends on the power consumption and the data being processed.
The major problem is that under particular circumstances periodic CPU frequency adjustments depend on the current CPU power consumption. These adjustments directly translate to the execution time differences, according to researchers.
Attackers can leverage the execution time variations
The security vulnerabilities in Intel and AMD products can have significant consequences. These attackers can leverage the execution time versions and extract sensitive data like cryptographic keys. Advisories have been released from both companies.
Attackers can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.
However , Patches have not been released.
CVE ID
CVE-2022-24436
CVE-2022-23823
Follow us for more, Facebook, Twitter, LinkedIn and Instagram
Leave A Comment