cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,283
PortSmash is a new hardware level side channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in Finland discovered the exploit and it could affect all CPUs that use Simultaneous Multithreading (SMT.) It is confirmed to affect Intel CPUs using Hyper-Threading (HT) and researchers say that AMD Ryzen CPUs are more than likely vulnerable also, but they have yet to test those. The research paper has not been finished yet, but the POC is available now. The researchers recommend purchasing platforms that do not feature SMT.
Intel Statement:
Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
Intel Statement:
Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.