Article 60BRD A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

by
Dan Goodin
from Ars Technica - All content on (#60BRD)
cpu-800x534.jpeg

Enlarge

Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.

Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.

Targeting DVFS

The team discovered that dynamic voltage and frequency scaling (DVFS)-a power and thermal management feature added to every modern CPU-allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.

Read 9 remaining paragraphs | Comments

index?i=eQlTPqa-llI:1FMyO_1inno:V_sGLiPB index?i=eQlTPqa-llI:1FMyO_1inno:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments