December 5, 2023

Hertzbleed is a new family of side-channel attacks: frequency side channels. These attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.

Hertzbleed takes advantage of the fact that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed. This means that, on modern processors, the same program can run at a different CPU frequency when computing, for example, 2022 + 23823 compared to 2022 + 24436.


The majority of desktop, laptop, and server processors are vulnerable to a new type of attack called Hertzbleed that’s extremely hard to mitigate against.

Hertzbleed impacts all 8th to 11th Generation Intel Core desktop and laptop processors, as well as several AMD desktop, mobile, and server processors, including Ryzen Zen 2 and Zen 3 desktop and laptop chips.

The only effective mitigation techniques have “an extreme system-wide performance impact” because they involve either disabling Turbo Boost on Intel chips and Precision Boost on AMD chips or using modelled power instead of actual power throttling control algorithms.
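As an added example (not from the original article, Intel, or AMD), the shell function below reports whether frequency boosting is currently disabled on a Linux host. It assumes the Linux sysfs switches `intel_pstate/no_turbo` and `cpufreq/boost`, which are only present with the matching cpufreq driver; the optional directory argument is a testing hook introduced here.

```shell
#!/bin/sh
# Added example: report whether CPU frequency boosting is active on Linux.
# Usage: boost_state [SYSFS_CPU_DIR]
#   SYSFS_CPU_DIR is a hypothetical override used for testing;
#   it defaults to the real sysfs location.
# Prints one of: enabled | disabled | unknown
boost_state() {
    cpu_dir="${1:-/sys/devices/system/cpu}"
    state="unknown"

    # intel_pstate driver: no_turbo=1 means Turbo Boost is switched OFF.
    f="$cpu_dir/intel_pstate/no_turbo"
    if [ -r "$f" ]; then
        case "$(cat "$f")" in
            1) state="disabled" ;;
            0) state="enabled" ;;
        esac
    fi

    # Global cpufreq boost switch (for example with acpi-cpufreq):
    # boost=0 means boosting is switched OFF. If either knob reports
    # boosting as active, the host counts as "enabled".
    f="$cpu_dir/cpufreq/boost"
    if [ -r "$f" ]; then
        case "$(cat "$f")" in
            0) [ "$state" = "enabled" ] || state="disabled" ;;
            1) state="enabled" ;;
        esac
    fi

    echo "$state"
}

# Applying the mitigation requires root and does not survive a reboot:
#   echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
#   echo 0 > /sys/devices/system/cpu/cpufreq/boost
echo "frequency boost: $(boost_state)"
```

A result of `unknown` means neither switch is exposed by the running driver, so the boost setting has to be checked in firmware instead.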

Hertzbleed is so serious because it opens the door for an attacker to steal secure information by extracting AES cryptographic keys from remote servers. Neither Intel nor AMD has revealed plans to release microcode to patch the exploit, which means it remains a threat unless mitigated in software. And as the workarounds mentioned above are so detrimental to performance, it seems very unlikely they will be implemented.

According to Intel, the threat presented by Hertzbleed is minimized by the fact it takes hours to days to steal a cryptographic key using this attack method. In the list of mitigation techniques, Intel also lists some that come with much less of a performance impact, but only partially solve the problem.


The researchers who discovered Hertzbleed were asked by Intel to delay publicly disclosing it until yesterday, but now that it is public, many more security researchers and engineers will be looking at the threat, and hopefully better mitigation techniques will reveal themselves soon.
