Intel CPUs Are Vulnerable to New PortSmash Side-Channel Exploit

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,060
PortSmash is a new hardware level side channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in Finland discovered the exploit and it could affect all CPUs that use Simultaneous Multithreading (SMT.) It is confirmed to affect Intel CPUs using Hyper-Threading (HT) and researchers say that AMD Ryzen CPUs are more than likely vulnerable also, but they have yet to test those. The research paper has not been finished yet, but the POC is available now. The researchers recommend purchasing platforms that do not feature SMT.

Intel Statement:

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
 
Well my server upgrade project just got moved up, was scheduled to happen on the 3'rd of Jan but I am loading Server 2016 Datacenter now .... If I can find the correct Dell Raid Driver.... EPYC servers here I come!
 
  • Like
Reactions: ltron
like this
An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.
 
An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.

They probably just read the title.

I've been saying it work for years now. Security is inversely perportional to performance and usability. Security is why we can't have nice things.
 
Anyone else get the feeling that we're all going to go back to a dial-up mentality soon.......
 
This is old news. Force more threads than supported by any CPU and grab the data that needs to be resend between the caches. The researchers need to lay off the cool aid. They didn't mention that this crap needs admin access as well.
Entirely no news worthy research.
 
I had a k6-2! 500 or 550 mhz I think.

I went 1800X It was an overall best deal for the price when I purchased it back over 1 year ago. It is still a great alternative to a 2700X. I waiting for the next generation on the 7mm chipset or waiting to purchase a 1950x thread ripper for similar reasons.
 
Let me know if anyone, anywhere, ever suffers a loss from one of these side-channel attacks.
Frankly, an attacker has to get really lucky to get any info worth a damn from them.

IT departments should worry more about their stupid users, and less about this.
 
They didn't mention that this crap needs admin access as well.
FTFA : "[PortSmash] definitely does not need root privileges," he said "Just user space."

so if you run an Intel (and maybe AMD) server farm sucks to be you, but it doesn't seem like something too horrid for the rest of us?


Edit:
Researchers say they notified Intel's security team last month, on October 1, but the company has not provided a patch until yesterday, the date on which researchers went public with their findings.

Dropping a POC one day after the patch seems a little dickish to me.
 
as much as i enjoy watching intel get shit on for security flaws i feel this should of been tested on AMD processors as well before releasing this information..

Its a generic multi-context timing attack. I would be completely shocked if AMD wasn't equally exploitable. Its literally not something that can be fixed in hardware and is an actual software problem.
 
  • Like
Reactions: PaulP
like this
An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.

Not really inherent to SMT, but part of a class of common exploits to crypto based on timing attacks of shared resources. The whole class is well known. Want secure crypto, don't allow random threads to run on the same hardware doing the crypto.
 
  • Like
Reactions: PaulP
like this
intel-inside-slow-work-ahead.jpg
 
Eh. I realize that some of these side-channel attacks are egregious vulnerabilities, but vulnerabilities that require some level of administrative access are a bit too much 'cart before the horse'. It's like worrying that Freddy Krueger might have a venereal disease.

I'm going to write a paper on a Windows Server 2019 vulnerability that explains how someone with administrative access can go into the system, view the user accounts and change permissions. That'll freak everyone out.
 
Intel fan boys say that. They won’t be because I own it.
No, one of the researchers said that
"We leave as future work exploring the capabilities of PortSmash on other architectures featuring SMT, especially on AMD Ryzen systems," the research team said in a version of their paper shared with ZDNet, but Brumley told us via email that he strongly suspects that AMD CPUs are also impacted.
 
Not really inherent to SMT, but part of a class of common exploits to crypto based on timing attacks of shared resources. The whole class is well known. Want secure crypto, don't allow random threads to run on the same hardware doing the crypto.

If you read the article, it's an attack based on forcing a process to run on the different logical core of the same physical core.
 
Back
Top