Blog Layout

Researchers Find New CPU Security Vulnerability

sccomputerguys • Jul 19, 2022

Remember the Heartbleed scare we had a couple years back?  It was a nasty side-channel attack that was somewhat exotic and difficult to pull off, and it was absolutely devastating and sent shockwaves through the entire world.

Well, it's back. In a way.

While this new side-channel attack isn't identical, it's similar enough that the researchers who discovered it gave it a similar sounding name:  Hertzbleed.  It allows remote attackers to pilfer full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling, or DVFS for short.

In other words, hackers can monitor the electrical output of your PC and based on that, derive your cryptographic keys.

A team from the University of Texas at Austin, in collaboration with others from the University of Washington and the University of Illinois Urbana-Champaign are credited with the discovery of the new attack vector.

The team had this to say about their discovery:

"In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [..] Hertzbleed is a real, and practical, threat to the security of cryptographic software.

First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks--lifting the need for any power measurement interface.

Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis."

To be fair, this is an incredibly exotic attack that would be extremely difficult for even the most experienced hackers in the world to pull off.  Even so, there are hackers out there in the world who have the skills to do this. That is why it's somewhat disturbing that neither Intel nor AMD have any plans to issue a fix for the issues that make Hertzbleed possible.

Per an Intel spokesman:

"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment."

While that's true, hackers have always been known for being more interested in bragging rights than practicality. In our view, it's just a matter of time before we see Hertzbleed in the headlines.

You May Need To Replace Old Cisco VPN Routers

By sccomputerguys 22 Jul, 2022
Do you own one or more of the following products made by Cisco? The RV110W Wireless-N VPN Firewall The RV130 VPN Router The RV130W Wireless-N Multifunction VPN Router The RV215W Wireless-N VPN ...

Some Requested Features May Be Coming To Microsoft Teams

By sccomputerguys 21 Jul, 2022
Do you use Microsoft Teams?  If so, you'll be thrilled to know that the Redmond Giant is continuing to pour resources into improving the software with a specific focus on audio and ...

It May Be Time To Update Your Business Logo

By sccomputerguys 20 Jul, 2022
Corporate branding can be worth its weight in gold and certain images are absolutely iconic.  The Golden Arches, the Nike "swoosh," and Apple's Apple all come to mind. Logo images give companies ...

Ransomware Hackers Have Set Their Sights On Exchange Servers

By sccomputerguys 18 Jul, 2022
Microsoft Exchange servers are once more in the crosshairs of hackers around the world.  Most recently, hacking groups have been specifically targeting them to deploy BlackCat ransomware. As is common among ransomware ...

The Surprising Ways Mobile Technology Impacts Our Lives

By sccomputerguys 16 Jul, 2022
If you grew up in the days before the internet, it's absolutely staggering to think of all the ways that mobile technology has changed our lives (and mostly for the better). Remember ...

Edge Will Replace Internet Explorer After It Is Gone

By sccomputerguys 15 Jul, 2022
It may seem as though Internet Explorer is the browser that will not die, but according to Microsoft, it is now a step closer to breathing its last virtual breath. Microsoft has ...

New Panchan Botnet Targets Linux Servers

By sccomputerguys 14 Jul, 2022
If you're involved with IT Security at any level and if your network includes Linux servers, keep a watchful eye out for the new Panchan botnet. It first appeared in the wilds ...

How To Protect Your Company With Cybersecurity Awareness

By sccomputerguys 13 Jul, 2022
These days, companies spend significant sums of money to protect themselves from cyber criminals.  The threat matrix is vast, and attacks can come from almost any quarter. That is why many companies ...

Data Breach Hits One Of America’s Largest Healthcare Providers

By sccomputerguys 12 Jul, 2022
Do you receive healthcare of any kind from Kaiser Permanente?  If so, be aware that they recently published a data breach notification indicating that an unidentified attacker accessed an email account that ...

Cisco Email Gateway Appliance Users Should Apply Security Patch

By sccomputerguys 11 Jul, 2022
Tech giant Cisco recently sent out a notification to its vast customer base urging them to apply a recently issued patch that addresses a critical security vulnerability. This vulnerability could allow an ...
More Posts
Share by: