A new study has found that hackers can get their hands on home computers’ encryption keys. The study showed that the Hertzbleed attack is especially dangerous for PCs with processors made by Intel and AMD. A side-channel vulnerability is what’s being used in this attack.
Recently, Tom’s hardware site released the findings of a study he conducted. The researchers explained how these cryptographic keys may be hacked. Even novice hackers might easily create an application that monitors PC boost frequencies and power mechanisms, they claimed.
Intel and AMD processors can be exploited by hackers, according to the experts. The researchers claimed, however, that they have yet to determine if the same procedure can be applied to other computers. Hertzbleed can be used on any PC running DVFS power algorithm, according to the research.
This investigation was conducted by researchers from three American universities. They are the University of Texas in Austin, the University of Washington in Seattle, and the University of Illinois in Urbana-Champaign.
How The Hertzbleed Attack Was Conceived
To steal data from a computer, the malware is said to monitor how certain procedures affect it. In this attack, a specific cryptographic workload’s energy signatures are tracked. Each system has its own unique signature in terms of power consumption, making this kind of tracking viable.
Using the energy details gathered, the hacker can create timing data. In order to gain access to the owner’s private keys, he leverages this timing data. While this assault can be carried out from a distance, it is also possible for hackers to set it up remotely.
“The Hertzbleed assault is a frequency side channel,” according to the report. An entirely new subset of side-channel assaults, this is unheard of before. Cryptographic keys can be stolen from any server using this method. This attack is so potent that even the most secure remote servers can be compromised in order to collect cryptographic secrets.”
According to the paper, the assault has been tested successfully on all Intel chips. It also says that AMD’s Zen-2 and Zen-3 processors were used in the testing.
No Firmware Patches are in the works for Intel or AMD.
One or both of the major chipmakers isn’t ready to fix the problem, according to insiders who are familiar with the situation. To get around this problem, PC users are advised to disable the speed boost feature on their computers.
Turbo boost is a term used by Intel and AMD, respectively, to describe this feature. As a result of deactivating certain features, PC performance may suffer. Intel has responded to this in a formal statement. The report was shared with other chip makers, according to the company. However, it maintains that hackers can’t steal such encryption secrets unless they operate in a laboratory environment.