A new side-channel attack dubbed Hertzbleed allows remote attackers to obtain entire cryptographic keys by detecting fluctuations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). This is feasible because dynamic frequency scaling on current Intel (CVE-2022-24436) and AMD (CVE-2022-23823) x86 processors depends on power consumption, which in turn depends on the data being processed.
DVFS is a power management throttling mechanism used by current CPUs to keep the system within its thermal and power limits under heavy load, and to minimize overall power consumption when CPU demand is low. A group of researchers from the University of Texas at Austin, the University of Illinois at Urbana-Champaign, and the University of Washington discovered Hertzbleed.
“In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [..] Hertzbleed is a real, and practical, threat to the security of cryptographic software,” explain the security researchers.
“First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface.” “Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis.”
According to Intel, this flaw affects all of its chips and may be exploited remotely by threat actors with minimal privileges in high-complexity attacks that don’t require user interaction. AMD also confirmed that Hertzbleed impacts many of its products, including Zen 2 and Zen 3 microarchitecture-based desktop, mobile, Chromebook, and server CPUs.
Hertzbleed might impact processors from other vendors, such as ARM, that employ frequency scaling, but the researchers have yet to determine whether their proof-of-concept code applies to these CPUs. According to the research group behind Hertzbleed, Intel and AMD have no plans to produce microcode updates to address this new category of side-channel attacks, known as frequency side channels.
“While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment,” said Intel’s Senior Director of Security Communications and Incident Response Jerry Bryant.
On the other hand, both vendors advise [1, 2] on how developers should protect their applications against frequency throttling data exposure. According to AMD’s instructions, developers may use masking, concealing, or key-rotation to reduce power analysis-based side-channel leakages in Hertzbleed attacks.
The researchers claim that disabling the frequency boost feature can mitigate Hertzbleed attacks in most situations. On Intel CPUs, the frequency boost feature is known as “Turbo Boost,” whereas on AMD CPUs, it is known as “Turbo Core” or “Precision Boost.”
Although disabling frequency boost may prevent information leakage via Hertzbleed, the security experts advise against it since “it will very significantly impact performance.” Moreover, Intel claims that the attack can happen whether or not the Turbo Boost function is turned on and has provided other instructions.
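To audit whether frequency boost is currently enabled on a host, the following added example (not code from the researchers or the vendors) reads the Linux kernel's boost controls without changing them. Linux, the sysfs paths for the `intel_pstate` driver and the generic cpufreq boost knob, and the function name `boost_state` are assumptions that do not appear in the article.

```shell
#!/bin/sh
# Added example: read-only audit of the CPU frequency boost setting on Linux.
# Assumption: the kernel exposes the cpufreq controls under
# /sys/devices/system/cpu; the root can be overridden (used for testing).

# boost_state [sysfs_cpu_root]
# Prints one of: enabled | disabled | unknown
boost_state() {
    root="${1:-/sys/devices/system/cpu}"

    # intel_pstate driver: no_turbo=1 means Turbo Boost is turned OFF.
    if [ -r "$root/intel_pstate/no_turbo" ]; then
        case "$(cat "$root/intel_pstate/no_turbo")" in
            1) echo disabled ;;
            0) echo enabled ;;
            *) echo unknown ;;
        esac
        return 0
    fi

    # Generic cpufreq knob (e.g. acpi-cpufreq on AMD and older Intel setups):
    # boost=1 means boost is turned ON, so the polarity is inverted
    # relative to no_turbo above.
    if [ -r "$root/cpufreq/boost" ]; then
        case "$(cat "$root/cpufreq/boost")" in
            1) echo enabled ;;
            0) echo disabled ;;
            *) echo unknown ;;
        esac
        return 0
    fi

    # Neither control is present: not Linux, a VM/container without
    # cpufreq, or a driver that does not expose a boost switch.
    echo unknown
}

# Report the state of the local host when run directly.
boost_state "${SYSFS_CPU_ROOT:-/sys/devices/system/cpu}"
```

A `disabled` result reflects only the researchers' boost-related mitigation; as Intel's statement above notes, it does not by itself rule out the attack.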
See Intel’s recommended software guidelines for cryptographic implementations to address this problem. The study “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86” will be featured at the 31st USENIX Security Symposium (Boston, August 10–12, 2022), and a preprint version is available.