Stories
Slash Boxes
Comments

SoylentNews is people

PortSmash: Hyper-Threading Flaw Affects Intel CPUs, Possibly Others

posted by martyb on Saturday November 03 2018, @05:48PM   Printer-friendly
from the hyperthreading-not-worth-the-hype? dept.

takyon writes:

Researchers Exploit Another Intel Hyper-Threading Flaw

Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel's Hyper-Threading (HT) technology that attackers could use to steal users' encrypted data, as reported by ZDNet today.

Other CPUs that use Simultaneous Multithreading (SMT) technology may also be affected by the bug, but so far only Intel's HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core. Intel enables two threads per physical core with its HT technology.

[...] The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT's parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.

The researchers also made available the proof of concept (PoC) for the attack, showing that it is indeed feasible and not just theoretical. This PoC can now also be re-purposed and modified by attackers to launch a real attack against owners of systems using Intel CPUs.

Also at Ars Technica and The Register.

Related: OpenBSD disables Intel's hyper-threading over CPU data leak fears
TLBleed Affects Intel Processors with Hyperthreading to Leak Encryption Keys, Non-Trivial to Exploit
OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches

Original Submission

 
This discussion has been archived. No new comments can be posted.
PortSmash: Hyper-Threading Flaw Affects Intel CPUs, Possibly Others | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by DannyB on Saturday November 03 2018, @07:19PM (1 child)

    by DannyB (5839) Subscriber Badge on Saturday November 03 2018, @07:19PM (#757357) Journal

    The porpoises for which the exploit is reporpoised expect free fish to be included with the exploit. If no fish, then zsh is 2nd choice.

    All of Intel's performance enhancement drugs not only don't work (in bed), did not help Ballmer, but also make the system insecure due to information leakage.

    In the future, how about a simple, secure, and understandable architecture without 4 decades of legacy baggage needed to boot MS-DOS 1.0.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Sunday November 04 2018, @07:18AM

    by Anonymous Coward on Sunday November 04 2018, @07:18AM (#757521)

    Any new system will be designed by low quality cheap labor which will finish the design on deadline. The system will be much slower and more insecure than anything before it and will not be able to be fixed. It will be used anyway because otherwise feelings would be hurt of the low quality cheap labor. Example: user interface designers and their useless designs

    And the new system will also be compromised to the core by devil's rejects. So there is nothing to gain from a new design. On the positive note, get Russians, Europeans to design it and then it could work.