Researchers from the University of Texas, Washington and Illinois have reported a new family of side-channel attacks called Hertzbleed. The issue affects all Intel (CVE-2022-24436) and AMD (CVE-2022-23823) processors with Turbo Boost or Precision Boost auto-overclocking technologies and may also affect other CPU chips. The attack allows remote access to cryptographic keys by tracking CPU frequency changes.
It has long been known that hackers can extract cryptographic keys through the processor by measuring the power consumption at the time this data is processed. Fortunately, it is quite difficult to carry out such an attack in practice, since attackers have very few opportunities to remotely monitor the processor’s power consumption when processing cryptographic keys. The new Hertzbleed family of side-channel attacks makes power analysis attacks another class of exploits, and it becomes much easier to implement such an attack in practice.
The proposed attack method is based on the features of dynamic frequency control in modern processors. To optimize power consumption and prevent overheating during operation, modern processors support dynamic frequency changes – Turbo Boost for Intel or Precision Boost for AMD – which change the operating frequency depending on the load. Accordingly, this leads to a change in performance and working speed. By tracking the time it takes the system to respond to specially crafted requests and further analyzing the data received, cryptographic keys can be extracted.
Researchers demonstrated how an exploit works to extract keys from a server using the supersingular isogeny key encapsulation mechanism. They also verified that the circuit worked on 8th to 11th generation Intel processors, confirming the relevance of the problem for Intel Xeon and AMR Ryzen chips. The code to exploit the vulnerability is published on Github.
“Hertzbleed is a new family of side channel attacks: frequency side channels. At worst, this type of attack allows an attacker to extract cryptographic keys from remote servers that were previously considered secure <...> Hertzbleed is a real and practical threat to cryptographic software security.according to the authors of the study.