Intel CPUs Are Vulnerable to New PortSmash Side-Channel Exploit

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
21,271
PortSmash is a new hardware-level side-channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in Finland discovered the exploit, and it could affect all CPUs that use Simultaneous Multithreading (SMT). It is confirmed to affect Intel CPUs using Hyper-Threading (HT), and researchers say that AMD Ryzen CPUs are more than likely vulnerable also, but they have yet to test those. The research paper has not been finished yet, but the POC is available now. The researchers recommend purchasing platforms that do not feature SMT.

Intel Statement:

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
6,024
Well, my server upgrade project just got moved up, was scheduled to happen on the 3rd of Jan but I am loading Server 2016 Datacenter now .... If I can find the correct Dell RAID Driver.... EPYC servers here I come!
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,554
An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.
 

GSDragoon

Limp Gawd
Joined
Feb 24, 2004
Messages
234
An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.

They probably just read the title.

I've been saying it work for years now. Security is inversely proportional to performance and usability. Security is why we can't have nice things.
 

HeadRusch

[H]ard|Gawd
Joined
Jun 8, 2007
Messages
1,588
Anyone else get the feeling that we're all going to go back to a dial-up mentality soon.......
 

Imhotep

Gawd
Joined
Feb 12, 2014
Messages
816
This is old news. Force more threads than supported by any CPU and grab the data that needs to be resent between the caches. The researchers need to lay off the Kool-Aid. They didn't mention that this crap needs admin access as well.
Entirely no newsworthy research.
 

Icon_Charlie

Weaksauce
Joined
Aug 3, 2018
Messages
100
I had a K6-2! 500 or 550 MHz I think.

I went 1800X. It was an overall best deal for the price when I purchased it back over 1 year ago. It is still a great alternative to a 2700X. I'm waiting for the next generation on the 7mm chipset or waiting to purchase a 1950X Threadripper for similar reasons.
 

pcgeekesq

[H]ard|Gawd
Joined
Apr 23, 2012
Messages
1,399
Let me know if anyone, anywhere, ever suffers a loss from one of these side-channel attacks.
Frankly, an attacker has to get really lucky to get any info worth a damn from them.

IT departments should worry more about their stupid users, and less about this.
 

ChoGGi

[H]ard|Gawd
Joined
May 7, 2005
Messages
1,789
They didn't mention that this crap needs admin access as well.
FTFA : "[PortSmash] definitely does not need root privileges," he said "Just user space."

So if you run an Intel (and maybe AMD) server farm, sucks to be you, but it doesn't seem like something too horrid for the rest of us?


Edit:
Researchers say they notified Intel's security team last month, on October 1, but the company has not provided a patch until yesterday, the date on which researchers went public with their findings.

Dropping a POC one day after the patch seems a little dickish to me.
 

aaronspink

2[H]4U
Joined
Jun 7, 2004
Messages
2,122
As much as I enjoy watching Intel get shit on for security flaws, I feel this should have been tested on AMD processors as well before releasing this information.

It's a generic multi-context timing attack. I would be completely shocked if AMD wasn't equally exploitable. It's literally not something that can be fixed in hardware and is an actual software problem.
 

aaronspink

2[H]4U
Joined
Jun 7, 2004
Messages
2,122
An exploit inherent to SMT? Seems like efficient/performance computing and secure computing are becoming more and more mutually exclusive. And as usual, people still don't even bother to read the OP before they start bashing.

Not really inherent to SMT, but part of a class of common exploits to crypto based on timing attacks of shared resources. The whole class is well known. Want secure crypto, don't allow random threads to run on the same hardware doing the crypto.
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
intel-inside-slow-work-ahead.jpg
 

seanreisk

[H]ard|Gawd
Joined
Aug 29, 2011
Messages
1,711
Eh. I realize that some of these side-channel attacks are egregious vulnerabilities, but vulnerabilities that require some level of administrative access are a bit too much 'cart before the horse'. It's like worrying that Freddy Krueger might have a venereal disease.

I'm going to write a paper on a Windows Server 2019 vulnerability that explains how someone with administrative access can go into the system, view the user accounts and change permissions. That'll freak everyone out.
 

ChoGGi

[H]ard|Gawd
Joined
May 7, 2005
Messages
1,789
Intel fan boys say that. They won’t be because I own it.
No, one of the researchers said that:
"We leave as future work exploring the capabilities of PortSmash on other architectures featuring SMT, especially on AMD Ryzen systems," the research team said in a version of their paper shared with ZDNet, but Brumley told us via email that he strongly suspects that AMD CPUs are also impacted.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,554
Not really inherent to SMT, but part of a class of common exploits to crypto based on timing attacks of shared resources. The whole class is well known. Want secure crypto, don't allow random threads to run on the same hardware doing the crypto.

If you read the article, it's an attack based on forcing a process to run on the different logical core of the same physical core.
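
The posts above turn on whether untrusted code can end up on a different logical core of the same physical core as the crypto workload. As an added example (not from the thread, the article or the PortSmash researchers), this Python script parses Linux `thread_siblings_list` values and reports which logical CPUs reserved for a sensitive workload share a physical core with CPUs open to untrusted code; the sample topology and the CPU sets are constructed.

```python
import glob
import os

def parse_cpu_list(text):
    """Parse a kernel CPU list such as "0,4" or "0-1,8-9" into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.update(range(int(lo), int(hi) + 1))
        else:
            cpus.add(int(part))
    return cpus

def read_sysfs(base="/sys/devices/system/cpu"):
    """Read {cpu: thread_siblings_list text} from Linux sysfs (online CPUs only)."""
    raw = {}
    pattern = os.path.join(base, "cpu[0-9]*", "topology", "thread_siblings_list")
    for path in glob.glob(pattern):
        cpu = int(path.split(os.sep)[-3][3:])  # directory name "cpuN" -> N
        with open(path) as fh:
            raw[cpu] = fh.read()
    return raw

def sibling_map(raw):
    """Map each logical CPU to the set of logical CPUs on its physical core."""
    return {cpu: frozenset(parse_cpu_list(text)) for cpu, text in raw.items()}

def smt_active(siblings):
    """True if any physical core exposes more than one logical CPU."""
    return any(len(group) > 1 for group in siblings.values())

def shared_core_exposure(siblings, sensitive_cpus, untrusted_cpus):
    """Return sorted (sensitive, untrusted) pairs that are SMT siblings."""
    pairs = []
    for s in sorted(sensitive_cpus):
        for u in sorted(siblings.get(s, frozenset()) & set(untrusted_cpus)):
            if u != s:  # only report a *different* logical CPU on the same core
                pairs.append((s, u))
    return pairs

# Constructed sample: 4 physical cores, 8 logical CPUs, siblings are N and N+4.
SAMPLE = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}

if __name__ == "__main__":
    topo = sibling_map(read_sysfs() or SAMPLE)
    print("SMT active:", smt_active(topo))
    # Assumed policy: crypto pinned to CPU 0, everything else open to tenants.
    print("Exposed pairs:", shared_core_exposure(topo, {0}, set(topo) - {0}))
```

An empty result means no untrusted CPU set overlaps a sensitive core's siblings; it says nothing about whether the crypto code itself is constant-time.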
 