The new PortSmash Side-Channel Vulnerability found in Intel processor could allow attackers to leak encrypted data from the CPU’s Internal processes. The vulnerability has discovered by a team of Tampere University of Technology in Finland and Technical University of Havana, Cuba.
The Security researchers defined PortSmash as a Side-Channel attack. A side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited.
Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as differential power analysis are effective as black-box attacks.
PortSmash impact to all CPU that use a Simultaneous Multithreading (SMT) architecture, it is a technique for improving the overall efficiency of superscalar CPUs with hardware multithreading. SMT permits multiple independent threads of execution to better utilize the resources provided by modern processor architectures.
One of the Security researcher said,
“Our attack has nothing to do with the memory subsystem or caching,” said Billy Brumley, one of the five researchers, referring to previous side-channel attacks that have impacted SMT architectures and Intel’s HT implementation.
“The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side-channel to exfiltrate information from processes running in parallel on the same physical core,” Brumley added.
POC Available in Github
proof-of-concept of the PortSmash microarchitecture attack, tracked by CVE-2018-5407.
A CPU featuring SMT (e.g. Hyper-Threading) is the only requirement.
This exploit code should work out of the box on Skylake and Kaby Lake.
How to Fix?
The Security researche team said that, to disable SMT/Hyper-Threading in the bios” and upgrade to OpenSSL 1.1.1 (or >= 1.1.0i” as potential fixes.