PortSmash Attacks Target Intel CPUs’ HyperThreading, a Vulnerability in Data Leakage
Author ：Justin Brunnette
Category： IT News
Recent research results have found a way to steal information from programs relying on Intel CPU multi threaded operations. Intel CPUs have an architecture that employs hyperthreading to boost computing power. This can be exploited through a type of side channeling attack that targets ports used in hyperthreading. The proof of concept is called PortSmash, developed by a team from Finland’s Tampere University of Technology and the Technical University of Havana, Cuba.
PortSmash targets what is called simultaneous multi-threading, which allows a CPU to run multiple programs in a single CPU core. This feature is present in most modern CPUs, Intel has their own version called HyperThreading, which is the center of this side channeling attack. Side channeling attacks are when one program watching or steals data from another program. Side channeling attacks do not view a programs data directly but rather the thread that the program in running on will provide various keys or patterns that can be analyzed to reveal the underlying data.
The architecture of CPU cores have a wider attack surface for side channeling attacks to work with than cross-core attacks. This is because the side channeling attack targets ports of individual cores. Ports are regions of the core that the calculation of a program is taking place in. Multi threaded workloads work to increase the productivity and efficiency of a core. While just a single program or thread can run on a core, it is not using the port all the time. By utilizing the downtime for this port by running an additional thread, increases the efficiency of the port usage and the productivity of the core. But when a core is running two threads, each thread have to wait for the port to open while the other thread is running.
What PortSmash does is that it will exploit this multi threading. It will bombard its target port will various information to see how long it will take to respond. By measuring how long it takes to execute this information, it can analyze how long it takes to execute the other thread. This reveals the underlying programs information overtime. The researchers where able to show that PortSmash can retrieve the OpenSSL key from a TLS server.
Though this exploit doesn’t do much for the typical computer usage such as steaming videos or gaming, if a hacker is in the position to be able to execute PortSmash on your computer, they would be able to gain information through other simpler methods as well. This attack is more of a concern for those who employ a multi threaded workload for shared environments such as a Cloud server. But the hacker will still need to be on the same core as the program they want to attack.
Original Article: https://nakedsecurity.sophos.com/2018/11/05/portsmash-attack-steals-secrets-from-intel-chips-on-the-side/