Intel CPUs Are Vulnerable to New PortSmash Side-Channel Exploit

Discussion in 'HardForum Tech News' started by cageymaru, Nov 2, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,253
    Joined:
    Apr 10, 2003
    PortSmash is a new hardware level side channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in Finland discovered the exploit and it could affect all CPUs that use Simultaneous Multithreading (SMT.) It is confirmed to affect Intel CPUs using Hyper-Threading (HT) and researchers say that AMD Ryzen CPUs are more than likely vulnerable also, but they have yet to test those. The research paper has not been finished yet, but the POC is available now. The researchers recommend purchasing platforms that do not feature SMT.

    Intel Statement:

    Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
     
  2. polonyc2

    polonyc2 [H]ardForum Junkie

    Messages:
    16,176
    Joined:
    Oct 25, 2004
    7nm Zen 2 can't get here soon enough...
     
    Abby Normal, knowom, N4CR and 12 others like this.
  3. 86 5.0L

    86 5.0L [H]ardness Supreme

    Messages:
    6,773
    Joined:
    Nov 13, 2006
    Damn...

    Intel just cant catch a break... lol
     
  4. Dayaks

    Dayaks [H]ardness Supreme

    Messages:
    6,665
    Joined:
    Feb 22, 2012
    And shit like this is why I went 2700x. First AMD cpu since the k6-2 and it’s been awesome.
     
    N4CR, Burticus, jnemesh and 11 others like this.
  5. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,393
    Joined:
    Feb 3, 2014
    Well my server upgrade project just got moved up, was scheduled to happen on the 3'rd of Jan but I am loading Server 2016 Datacenter now .... If I can find the correct Dell Raid Driver.... EPYC servers here I come!
     
    ltron likes this.
  6. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    21,097
    Joined:
    Sep 13, 2008
    as much as i enjoy watching intel get shit on for security flaws i feel this should of been tested on AMD processors as well before releasing this information..
     
  7. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,393
    Joined:
    Feb 3, 2014
    I am hoping to hold out just a bit longer hoping AMD will launch a 2800x before Christmas.
     
    marekfreak and viper1152012 like this.
  8. filip

    filip [H]ard|Gawd

    Messages:
    1,528
    Joined:
    Aug 15, 2012
    Wait a second, is this why some of the new Intel cpus don't have Hyper-Threading. They knew all along.
     
    N4CR, Burticus, jnemesh and 5 others like this.
  9. GSDragoon

    GSDragoon [H]Lite

    Messages:
    105
    Joined:
    Feb 24, 2004
    It says that AMD CPUs probably have the same problem, but they haven't tested it yet.
     
    Red Falcon, PaulP and haste. like this.
  10. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,968
    Joined:
    Mar 18, 2010
    An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.
     
  11. MacLeod

    MacLeod [H]ardness Supreme

    Messages:
    7,517
    Joined:
    Jul 28, 2009
    Another security flaw in Intel chips that AMD doesn't likely have? Guess it's time for another t-shirt.
     
  12. GSDragoon

    GSDragoon [H]Lite

    Messages:
    105
    Joined:
    Feb 24, 2004
    They probably just read the title.

    I've been saying it work for years now. Security is inversely perportional to performance and usability. Security is why we can't have nice things.
     
  13. RogueTrip

    RogueTrip 2[H]4U

    Messages:
    2,788
    Joined:
    Feb 22, 2003

    Uhhhh, guys. Looks like AMD may have an issue too... :whistle:
     
  14. Chimpee

    Chimpee [H]ard|Gawd

    Messages:
    1,299
    Joined:
    Jul 6, 2015
    At this point, I think it is just safer to unplug my computer from the internet, but I need the pr0n, so I wont.
     
  15. Joust

    Joust 2[H]4U

    Messages:
    2,463
    Joined:
    Nov 30, 2017
    I had a k6-2! 500 or 550 mhz I think.
     
    pendragon1 likes this.
  16. dgz

    dgz [H]ardness Supreme

    Messages:
    5,038
    Joined:
    Feb 15, 2010
    making tons of money :|
     
  17. HeadRusch

    HeadRusch [H]ard|Gawd

    Messages:
    1,104
    Joined:
    Jun 8, 2007
    Anyone else get the feeling that we're all going to go back to a dial-up mentality soon.......
     
  18. bobdabilder

    bobdabilder Limp Gawd

    Messages:
    292
    Joined:
    Oct 7, 2009
    You're gonna need that i99999000000k
    Overclocked out your anus to stay even with all the shit code to bog this down.
    Great job intel.
     
    knowom, Denjoy and viper1152012 like this.
  19. cjcox

    cjcox [H]ard|Gawd

    Messages:
    1,076
    Joined:
    Jun 7, 2004
  20. IndyColtsFan

    IndyColtsFan Limp Gawd

    Messages:
    280
    Joined:
    Jul 4, 2017
    I think you need to carefully reread what the researchers said.
     
    PaulP, schmide, JoeRChillin and 3 others like this.
  21. thecold

    thecold Limp Gawd

    Messages:
    254
    Joined:
    Nov 12, 2017
    I'm going with he didn't read the article.
     
    PaulP, JoeRChillin, Trimlock and 2 others like this.
  22. Imhotep

    Imhotep Gawd

    Messages:
    745
    Joined:
    Feb 12, 2014
    This is old news. Force more threads than supported by any CPU and grab the data that needs to be resend between the caches. The researchers need to lay off the cool aid. They didn't mention that this crap needs admin access as well.
    Entirely no news worthy research.
     
    Spartacus, Burticus and Skyblue like this.
  23. Imhotep

    Imhotep Gawd

    Messages:
    745
    Joined:
    Feb 12, 2014
    By the way when did some of the tech news become part of CNN :D
     
  24. Icon_Charlie

    Icon_Charlie [H]Lite

    Messages:
    100
    Joined:
    Aug 3, 2018
    I went 1800X It was an overall best deal for the price when I purchased it back over 1 year ago. It is still a great alternative to a 2700X. I waiting for the next generation on the 7mm chipset or waiting to purchase a 1950x thread ripper for similar reasons.
     
  25. pcgeekesq

    pcgeekesq [H]ard|Gawd

    Messages:
    1,403
    Joined:
    Apr 23, 2012
    Let me know if anyone, anywhere, ever suffers a loss from one of these side-channel attacks.
    Frankly, an attacker has to get really lucky to get any info worth a damn from them.

    IT departments should worry more about their stupid users, and less about this.
     
    DocNo, PaulP, trentchau and 5 others like this.
  26. SickBeast

    SickBeast Limp Gawd

    Messages:
    498
    Joined:
    Jan 29, 2012
    Did you not read the OP where it said that the AMD CPUs are likely affected by this also?
     
    Space_Ranger, JoeRChillin and haste. like this.
  27. ChoGGi

    ChoGGi [H]ard|Gawd

    Messages:
    1,430
    Joined:
    May 7, 2005
    FTFA : "[PortSmash] definitely does not need root privileges," he said "Just user space."

    so if you run an Intel (and maybe AMD) server farm sucks to be you, but it doesn't seem like something too horrid for the rest of us?


    Edit:
    Dropping a POC one day after the patch seems a little dickish to me.
     
    PaulP and jmilcher like this.
  28. MacLeod

    MacLeod [H]ardness Supreme

    Messages:
    7,517
    Joined:
    Jul 28, 2009
    I really don't give a fuck. Was mainly making a joke about the last time this happened [H] made up some Tshirts.
     
  29. aaronspink

    aaronspink [H]ard|Gawd

    Messages:
    1,438
    Joined:
    Jun 7, 2004
    Why? its equally vulnerable as are all multi-context processors...
     
  30. aaronspink

    aaronspink [H]ard|Gawd

    Messages:
    1,438
    Joined:
    Jun 7, 2004
    Its a generic multi-context timing attack. I would be completely shocked if AMD wasn't equally exploitable. Its literally not something that can be fixed in hardware and is an actual software problem.
     
    PaulP likes this.
  31. aaronspink

    aaronspink [H]ard|Gawd

    Messages:
    1,438
    Joined:
    Jun 7, 2004
    Not really inherent to SMT, but part of a class of common exploits to crypto based on timing attacks of shared resources. The whole class is well known. Want secure crypto, don't allow random threads to run on the same hardware doing the crypto.
     
    PaulP likes this.
  32. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    15,314
    Joined:
    Apr 29, 2005
    Portsmash side channel? Kinky!
     
    auntjemima likes this.
  33. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,929
    Joined:
    Oct 13, 2016
  34. Dayaks

    Dayaks [H]ardness Supreme

    Messages:
    6,665
    Joined:
    Feb 22, 2012
    Intel fan boys say that. They won’t because I own it.
     
    Last edited: Nov 2, 2018
    ltron likes this.
  35. seanreisk

    seanreisk Gawd

    Messages:
    805
    Joined:
    Aug 29, 2011
    Eh. I realize that some of these side-channel attacks are egregious vulnerabilities, but vulnerabilities that require some level of administrative access are a bit too much 'cart before the horse'. It's like worrying that Freddy Krueger might have a venereal disease.

    I'm going to write a paper on a Windows Server 2019 vulnerability that explains how someone with administrative access can go into the system, view the user accounts and change permissions. That'll freak everyone out.
     
  36. ChoGGi

    ChoGGi [H]ard|Gawd

    Messages:
    1,430
    Joined:
    May 7, 2005
    No, one of the researchers said that
     
    SickBeast and Dayaks like this.
  37. Dayaks

    Dayaks [H]ardness Supreme

    Messages:
    6,665
    Joined:
    Feb 22, 2012
    He must have been an intel fan boy then, obviously.
     
    LightsOut41 and ChoGGi like this.
  38. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,968
    Joined:
    Mar 18, 2010
    If you read the article, it's an attack based on forcing a process to run on the different logical core of the same physical core.
     
    Deleted member 93354 likes this.
  39. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,228
    Joined:
    Apr 9, 2012
    what they don't know anyone with an amd system to test so they assume it is vulnerable too?

    until verified it's not affected.
     
    Inacurate, ltron, ManofGod and 4 others like this.
  40. chili dog

    chili dog Limp Gawd

    Messages:
    207
    Joined:
    Oct 23, 2014
    Did the Intel CEO sell a bunch of stock before the announcement like last time?