PortSmash: Newly discovered side channel attack found with Intel processors with HyperThreading

A new vulnerability has been discovered which Intel processors with HyperThreading. Dubbed as PortSmash, it has been identified as a new side channel attack which uses a method different from the Speculative Execution vulnerability found earlier this year.

For those who don’t know, a side-channel is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself. Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited. The vulnerability was discovered by a team of five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba. Researchers said PortSmash affects all the CPUs that use SMT (Simultaneous Multithreading) architecture. Researchers said that the vulnerability affects CPUs manufactured by Intel but are sceptical that it might also affect those made by AMD.

Our attack has nothing to do with the memory subsystem or caching. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side-channel to exfiltrate information from processes running in parallel on the same physical core.

The team has published PoC on GitHub that demonstrates a PortSmash attack on Intel Skylake and Kaby Lake CPUs. Intel, on the other hand, has released a statement acknowledging the vulnerability.

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.

– Intel

Last year,  another team of researchers found a similar side-channel vulnerability impacting Intel’s Hyper-Threading technology. It might be time for users to disable HT/SMT on their devices and move to an architecture that doesn’t use SMT/HT.

Via: Windows United