Intel Chips Smashed by PortSmash

New exploit takes advantage of a side channel in simultaneous multithreading (SMT).

Intel and AMD are not getting any breaks from chip-level vulnerabilities. A team of researchers from the Tampere University of Technology (Finland) and Technical University of Havana (Cuba) has found a new vulnerability in Intel processors. Dubbed PortSmash (CVE-2018-5407), the exploit allows an attacker to steal sensitive data, including passwords and cryptographic keys.

This time the exploit is found in a side channel in Intel’s Hyper-Threading technology, which is Intel’s implementation of simultaneous multithreading (SMT). SMT is used to improve the efficiency of CPUs with hardware multithreading.

The exploit affects two of the most popular Intel platforms, Kaby Lake and Skylake, which power most modern PCs, including laptops, desktops, and servers. All of these devices are vulnerable to attacks.

In a security advisory, Red Hat said, “This is a flaw in the Intel processor execution engine sharing on SMT (e.g., Hyper-Threading) architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.”
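To illustrate the "secret dependent control flow" the advisory refers to, here is an added example (not from the article, Red Hat, or OpenSSL): a toy modular exponentiation whose executed instructions depend on the secret exponent, beside a version that runs the same operations for every bit. The function names and sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy modular multiply; requires 0 < m < 2^32 so a*b fits in 64 bits.
   The % operator is itself not guaranteed constant-time; this example
   is only about control flow. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (a * b) % m;
}

/* BEFORE: the multiply runs only when the secret exponent bit is 1, so
   the instruction mix on the core differs per key bit. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)               /* secret-dependent branch */
            r = mulmod(r, base, m);
    }
    return r;
}

/* AFTER: square and multiply both run every iteration; a mask derived
   from the bit selects the result without branching on it. */
uint64_t modexp_uniform(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t t = mulmod(r, base, m);                /* always executed */
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1); /* 0 or all ones */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

int main(void) {
    /* Constructed sample values, not taken from any real key. */
    uint64_t base = 4, exp = 13, m = 497;
    printf("branchy: %llu\n", (unsigned long long)modexp_branchy(base, exp, m));
    printf("uniform: %llu\n", (unsigned long long)modexp_uniform(base, exp, m));
    return 0;
}
```

A compiler may transform either form, so code that must stay free of secret-dependent branches should have its generated assembly checked.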

Hardware-related vulnerabilities make it more difficult for OS vendors to fix issues because of the surrounding secrecy. At times, software vendors, including communities like Linux, have to work under non-disclosure agreements (NDAs), which makes it difficult to get a wide range of experts involved to solve such issues and ensure some transparency. Earlier, Intel was criticized for hiding the Spectre and Meltdown vulnerabilities for months.

While the vulnerability was discovered for Intel chips, in an email to Ars Technica, one of the researchers said they strongly suspect AMD Ryzen architectures, also with SMT, are vulnerable, “but we leave that for future work.” One of the reasons AMD chips were not verified is that the research team didn’t have AMD hardware to test.

11/06/2018