Researchers find leak in Intel processors with HyperThreading
Researchers from a Finnish and a Cuban university have demonstrated a new side channel attack that works on Intel processors with HyperThreading. They expect PortSmash, as the attack has been dubbed, to work on AMD processors as well.
Researchers from the Tampere University of Technology in Finland and the Universidad Tecnologica de la Habana Cujae in Cuba have verified the operation of PortSmash on Intel’s Skylake and Kaby Lake processors. The attack uses the technology of processors with Simultaneous Multithreading, or SMT. That is why the researchers expect that AMD processors that support this are also vulnerable.
The attack relies on data leaks by the sharing execution engine for SMT and works globally, according to ZDNet, by running malicious threads side by side with legitimate threads to get behind sensitive data such as cryptographic keys. The attack therefore resembles an old vulnerability that was already found in 2005. However, other than that technique, PortSmash has nothing to do with memory subsystems or caching. The fixes for the 2005 attack do not work, the researchers said.
They posted a proof-of-concept on GitHub and notified Intel Security of their findings on October 1. Intel released a patch on November 1. According to one of the researchers, the aim of the study was to end the use of SMT because it would inherently create insecurity. OpenBSD therefore disables HyperThreading in upcoming versions of the operating system.