Skip to main content

Crypto hack: Intel and AMD CPUs at risk

 


Researchers discovered a vulnerability in Intel and AMD CPUs. Criminals could use the vulnerability to obtain cryptographic keys.


According to researchers at the University of Texas Austin, the University of Illinois and the University of Washington, a CPU vulnerability called "Hertzbleed" could enable "side-channel attacks". Criminals could use it to steal your crypto keys .


CPUs from the two chip giants Intel and AMD are affected. This includes Intel desktop and laptop models of the eighth to eleventh generation of the Core microarchitecture and AMD Ryzen chips of the desktop and laptop models of the Zen 2 and Zen 3 microarchitecture.


Tom's Hardware reported the vulnerability. Both Intel and AMD have issued recommendations regarding this issue.


Hertzbleed Attack

Hertzbleed is a new type of side channel attack called Frequency Side Channel (hence the name Hertz and the data bleeding). The research paper on this approach states:


"At worst, these attacks could allow an attacker to extract cryptographic keys from remote servers that were previously thought to be secure."


In a Hertzbleed attack, criminals observe the performance signature of a cryptographic workload and use it to steal the data. This performance signature varies due to the CPU's dynamic boost clock frequency adjustments during the workload, reports Tom's Hardware.


Dynamic Voltage and Frequency Scaling (DVFS) is a feature of modern processors used to reduce power consumption. So the vulnerability is not a bug. Attackers can track changes in power consumption by monitoring the time it takes a server to respond to specific requests.


"Hertzbleed is a real and practical threat to the security of cryptographic software ," the researchers said.

In 2020 we already reported on the discovery of a vulnerability in Intel's SGX (Software Guard Extension), which could also lead to side channel attacks and compromised crypto keys .

Is there a solution?

Intel and AMD currently have no plans to provide firmware patches to mitigate the Hertzbleed issue. However, there are already solutions to the problem.


According to the chip manufacturers, Hertzbleed can be bypassed by disabling the frequency increase. On Intel CPUs, this feature is called “Turbo Boost” and on AMD chips, it’s called “Turbo Core” or “Precision Boost”. However, this is likely to affect the performance of the processor, it said.


According to Jerry Bryant, senior director of security communications and incident response at Intel, this attack is impractical outside of a lab environment. Among other things, because it would take “hours to days” to steal a cryptographic key. Bryant added that " cryptographic implementations secured against side-channel power-targeting hacks are not vulnerable to this issue ."


Disclaimer

All information contained on our website has been researched to the best of our knowledge and belief. The journalistic contributions are for general information purposes only. Any action taken by the reader based on the information found on our website is entirely at their own risk.

My Top Picks
Honeygain - Passive earner that pays in BTC or PayPal
MandalaExchange -The Best no KYC crypto Exchange! 
BetFury - Play And Earn BFG for daily Bitcoin and ETH dividends!
Pipeflare - Faucet that pays in ZCash and Matic, Games pay in DAI
Womplay - Mobile dApp gaming platform that rewards in EOS and Bitcoin
Cointiply - The #1 Crypto Earning Site
Torum - Join the latest Social Network and earn TRM for Free! 
LiteCoinPay - The #1 FaucetPay earner for Litecoin 
LBRY/Odysee - YouTube Alternative that lets you earn Money by viewing videos!
FaucetPay - The #1 Microwallet Platform
FREEBTC - The #1 FaucetPay earner for Satoshi's
FaucetCrypto - An earning/faucet site that pays out instantly
FireFaucet - An earning site that pays better for some than Cointiply
DogeFaucet - Dogecoin Faucet
xFaucet - BTC, ETH, LTC, Doge, Dash, Tron, DGB, BCH, BNB, ZEC, FEY - Claim every 5 minutes
Konstantinova - BTC, ETH, LTC, Doge, Dash, Tron, DGB, BNB, ZEC, USDT, FEY, 25 Claims Daily

Comments

Post a Comment

Popular posts from this blog

From offchain to offchain: Statechains meets Lightning

  Without a doubt, the most significant off-chain Bitcoin solution is the Lightning network. But in its wake, the statechain has emerged as an intriguing replacement. There is currently a proposal to link the two offchain networks. From an ocean, for example, you can see sunbeams glistening in the water, waves rippling, and possibly a jellyfish drifting toward the light. But you only see a small portion of it. The distance from the sea's surface to its bottom is hundreds of meters. It has dozens of different fish species swimming in it, crabs and starfish crawling on the bottom, shells clinging to rocks, and sea plants climbing up. A completely new world starts where your gaze diverges. You can picture a blockchain like Bitcoin, just like the sea. What you see on the outside is only a small portion of what is actually there; the set of UTXOs (coins) and transaction history that full nodes store are just the beginning of a much larger world. It's the plan, at least. With Bitcoin
Post a Comment
Read more

MSP Recovery and Tokenology aim to optimize healthcare with the help of Polygon

  MSP Recovery LLC, a Miami, US-based healthcare provider with an estimated enterprise value of $32.6 billion, is partnering with Web3 company Tokenology to jointly launch a new blockchain platform called Lifechain. Lifechain wants to leverage the verifiable and transparent nature of blockchain technology to aggregate medical care claims, medical expense reports and patient data and streamline their processing. For this purpose, MSP Recovery launched its own LifeWallet in January, which already has 1 million users. In addition to the wallet and blockchain platform, an associated crypto token called LifeCoin is also used. The press release explains that the primary purpose of the system is to enable secondary healthcare providers to more effectively bill health insurance companies for their costs. “The number of medical claims tokenized going forward will surpass $50 million per day by 2024. For this we need scalability, security and sustainability, which we have only found with Polygon
Post a Comment
Read more

Phishing attack on popular crypto sites tries to empty wallets

  Several major crypto sites such as Etherscan, CoinGecko, DeFi Pulse, and others report malicious pop-ups scammers use to try to trick users into connecting their MetaMask wallets. The phishing attack came from a domain displaying the Bored Ape Yacht Club (BAYC) logo. "We are investigating the root cause of this attack to fix the threat as soon as possible," CoinGecko founder Bobby Ong tweeted. The phishing attack appears to have been triggered by a malicious ad script from Coinzilla, a crypto ad network, according to CoinGecko. Etherscan also advises its users not to confirm any transactions that may appear on the website. The attackers attempted to use the hype around the “bored monkeys” non-fungible tokens (NFT) to gain access to the cryptocurrencies of unsuspecting website visitors. Although the websites affected by the scam attempt have reacted in the last few hours and deactivated the advertising pop-up, it is still recommended not to connect your MetaMask wallet to ne
Post a Comment
Read more