This week, a new side-channel attack has been disclosed that allows remote attackers to steal full cryptographic keys. This can be done by observing variations in CPU frequency enabled by Dynamic Voltage and Frequency Scaling (DVFS).
The new side-channel attack
A team of researchers from multiple universities has disclosed the Hertzbleed attack in modern CPUs of Intel and AMD.
It shows that on modern x86 CPUs, power side-channel attacks can be turned into remote timing attacks and there is no requirement for any power measurement interface.
Additionally, the Hertzbleed attacks showed that the cryptographic code can still be leaked through remote timing analysis even when implemented correctly as “constant time.”
No patch for now?
Intel and AMD have no plans to release microcode patches to address this new family of side-channel attacks.
Intel claims that this weakness affects all its processors and can be abused remotely in high-complexity attacks that do not require user interaction.
Further, AMD revealed that Hertzbleed affects several of its products, such as desktop, mobile, Chromebook, and server CPUs using the Zen 2 and Zen 3 microarchitectures.
Processors from ARM using the frequency scaling feature might as well be affected by Hertzbleed. However, the researchers are yet to confirm if their proof-of-concept code applies to these CPUs.
Mitigation
At present, there is no patch available for the Hertzbleed attack. Though, AMD and Intel provided guidance on how developers can protect their software against frequency throttling information disclosure. Further, experts suggest disabling the frequency boost feature to mitigate Hertzbleed attacks.