Researchers have developed an exploit that uses a feature in Intel chips to steal secret cryptographic keys.
The proof of concept code, called PortSmash, comes from researchers at Finland’s Tampere University of Technology and the Technical University of Havana, Cuba. It uses a category of exploit called a side channel attack, in which one program spies on another as it runs.
The attack exploits a feature called Simultaneous Multi Threading (SMT), which runs two programs separately on a single physical CPU core. Although this concept has been around in various chips since the late sixties, this attack focuses on Intel’s version of it, Hyper-Threading, which it started building into its processors in 2002.
Side channel attacks don’t peek at the victim program’s secret directly. Instead, one thread (the attack thread) looks for clues that reveal what the other thread (the victim thread) is doing, and works the secret out from there. They can use a range of signals, including the timing of instructions. PortSmash uses instruction timing based on port contention.
A storm in any port
Each physical core has a number of ports, which are the regions of the core that carry out the actual computation. When two threads share a core they often have to wait for each other to use those ports.
PortSmash exploits this situation. Its attack thread repeatedly issues instructions to a port until the CPU’s scheduler pauses them and hands the port over to the other thread. By measuring the gaps between its own instructions running on that port, it can measure how long the other thread spends processing its own instructions. Over time, this can help it derive the other program’s secrets.
The proof of concept steals an OpenSSL private key from a TLS server. That’s just one example of what the attack can do, and the code could easily be reconfigured to steal other information too.
How can it be fixed? Disable SMT, said researcher Billy Brumley in this mailing list post. Many machines don’t allow this in the BIOS, so OpenBSD already disabled support for SMT in its scheduler by default in June. That came just days before the disclosure of another side channel flaw called TLBleed, which Dutch researchers used to extract cryptographic keys from victim threads on Intel chips.
This bug is different from the Spectre and Meltdown attacks, revealed in January, which used speculative execution to steal data. Nor was it clear at the time of writing whether it affects AMD chips.
What does this mean for you?
If you’re simply using a desktop or laptop PC for routine stuff like gaming, browsing and productivity apps, then not much. This attack involves executing code on your machine, and if an attacker is able to do that you’re already in trouble because they can use their code to get at your information in other, easier ways.
The real danger here is for those running lots of workloads from different people on the same machine. Multi-tenant cloud environments would be a key target. However, the attacker would still have to get their thread running on the same physical core as the program they wanted to snoop on.
Intel said in a statement widely issued to the press that it was up to developers to create more secure software to stop people abusing this feature:
Software or software libraries can be protected against such issues by employing side channel safe development practices.
Colin Percival, formerly security officer for the FreeBSD OS, tweeted more advice about this, explaining that this concept has been known about for years, and that good coding practices are crucial.
The defence against PortSmash is exactly the same as the defence against microarchitectural side channel attacks from 2005: Make sure that the cryptographic key you're using does not affect the sequence of instructions or memory accesses performed by your code.
— Colin Percival (@cperciva) November 2, 2018
OpenSSL has already issued a patch to solve the problem, and hopefully this will prompt other developers to ensure that they are coding securely so that their software does not leak secrets through side channels.
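To show what the advice above means in practice, here is an added example that is not from the article, the PortSmash proof of concept or OpenSSL: a toy modular exponentiation written first with a branch on each key bit (the instruction sequence a port-contention spy thread can time) and then in a branchless form that does the same work for every bit. All values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not from the article or the PortSmash PoC: a toy 64-bit
 * modular exponentiation in two forms. The branching form executes a
 * different instruction sequence per key bit, which is the signal a
 * port-contention spy thread times; the branchless form does the same
 * work for every bit and selects the result arithmetically. Moduli are
 * constructed to stay below 2^32 so products fit in uint64_t. */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (a * b) % m;   /* a, b < m < 2^32, so no overflow */
}

/* Key-dependent control flow: the extra multiply runs only for 1 bits. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t acc = 1 % m; base %= m;
    for (int i = 63; i >= 0; i--) {
        acc = mulmod(acc, acc, m);
        if ((exp >> i) & 1)               /* secret-dependent branch */
            acc = mulmod(acc, base, m);
    }
    return acc;
}

/* Return a when bit == 1, b when bit == 0, with no branch. */
static uint64_t ct_select(uint64_t bit, uint64_t a, uint64_t b) {
    uint64_t mask = 0 - (bit & 1);        /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Same result, same instruction sequence regardless of the key bits. */
uint64_t modexp_ct(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t acc = 1 % m; base %= m;
    for (int i = 63; i >= 0; i--) {
        acc = mulmod(acc, acc, m);
        uint64_t mult = mulmod(acc, base, m);   /* always computed */
        acc = ct_select((exp >> i) & 1, mult, acc);
    }
    return acc;
}

int main(void) {
    /* Constructed sample: 2^0xDEADBEEF mod 1000000007 with both routines. */
    uint64_t r1 = modexp_branchy(2, 0xDEADBEEFULL, 1000000007ULL);
    uint64_t r2 = modexp_ct(2, 0xDEADBEEFULL, 1000000007ULL);
    printf("%llu %llu %s\n", (unsigned long long)r1, (unsigned long long)r2,
           r1 == r2 ? "match" : "MISMATCH");
    return 0;
}
```

A C compiler is free to turn the mask selection back into a branch, so production libraries inspect the generated assembly or use verified constant-time primitives rather than trusting source-level tricks alone.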
Intel has already stripped Hyper-Threading out of its i7 9700k processor, but we shouldn’t assume this is because it sees security problems there. It is still building the feature into many other processors including the higher-end i9 9900k. It’s more likely to do with market segmentation and economics than any security panic.