Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Vulnerability steals data from Intel and AMD CPUs — and you’re probably affected

Researchers just outlined a new vulnerability that affects processor chips — and it’s called Hertzbleed. If used to conduct a cybersecurity attack, this vulnerability can help the attacker steal secret cryptographic keys.

The scale of the vulnerability is somewhat staggering: According to the researchers, most Intel and AMD CPUs might be impacted. Should we be worried about Hertzbleed?

Hertzbleed vulnerability logo on a blue and white background.
Hertzbleed

The new vulnerability was first discovered and described by a team of researchers from Intel as part of its internal investigations. Later on, independent researchers from UIUC, UW, and UT Austin also contacted Intel with similar findings. According to their findings, Hertzbleed might affect most CPUs. The two processor giants, Intel and AMD, have both acknowledged the vulnerability, with Intel confirming that it affects all of its CPUs.

Recommended Videos

Intel has issued a security advisory that provides guidance to cryptographic developers on how to strengthen their software and libraries against Hertzbleed. So far, AMD hasn’t released anything similar.

What exactly is Hertzbleed and what does it do?

Hertzbleed is a chip vulnerability that allows for side-channel attacks. These attacks can then be used to steal data from your computer. This is done through the tracking of the processor’s power and boost mechanisms and observing the power signature of a cryptographic workload, such as cryptographic keys. The term “cryptographic keys” refers to a piece of information, securely stored in a file, which can only be encoded and decoded through a cryptographic algorithm.

In short, Hertzbleed is capable of stealing secure data that normally remains encrypted. Through observing the power information generated by your CPU, the attacker can convert that information to timing data, which opens the door for them to steal crypto keys. What’s perhaps more worrying is that Hertzbleed doesn’t require physical access — it can be exploited remotely.

It’s quite likely that modern processors from other vendors are also exposed to this vulnerability, because as outlined by the researchers, Hertzbleed tracks the power algorithms behind the Dynamic Voltage Frequency Scaling (DVFS) technique. DVFS is used in most modern processors, and thus, other manufacturers such as ARM are likely affected. Although the research team notified them of Hertzbleed, they are yet to confirm whether their chips are exposed.

Putting all of the above together certainly paints a worrying picture, because Hertzbleed affects such a large number of users and so far, there is no quick fix to be safe from it. However, Intel is here to put your mind at ease on this account — it’s highly unlikely that you will be the victim of Hertzbleed, even though you are likely exposed to it.

According to Intel, it takes anywhere between several hours to several days to steal a cryptographic key. If someone would still want to try, they might not even be able to, because it requires advanced high-resolution power monitoring capabilities that are difficult to replicate outside of a lab environment. Most hackers wouldn’t bother with Hertzbleed when plenty of other vulnerabilities are discovered so frequently.

How to make sure Hertzbleed won’t affect you?

Hertzbleed vulnerability mitigation methods depicted in a chart.
Intel

As mentioned above, you are probably secure even without doing anything in particular. If Hertzbleed gets exploited, it’s unlikely that regular users will be affected. However, if you want to play it extra safe, there are a couple of steps you can take — but they come at a severe performance price.

Intel has detailed a number of mitigation methods to be used against Hertzbleed. The company doesn’t seem to be planning to deploy any firmware updates, and the same can be said about AMD. As per Intel’s guidelines, two ways exist to be fully protected from Hertzbleed, and one of them is super easy to do — you just have to disable Turbo Boost on Intel processors and Precision Boost on AMD CPUs. In both cases, this will require a trip to the BIOS and disabling boost mode. Unfortunately, this is really bad for your processor’s performance.

The other methods listed by Intel will either only result in partial protection or are very difficult, if not impossible, for regular users to apply. If you don’t want to tweak the BIOS for this and sacrifice your CPU’s performance, you most likely don’t have to. However, keep your eyes open and stay sharp — cybersecurity attacks take place all the time, so it’s always good to be extra careful. If you’re tech-savvy, check out the full paper on Hertzbleed, first spotted by Tom’s Hardware.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
These two CPUs are the only ones you should care about in 2023
An AMD Ryzen 7000 processor slotted into a motherboard.

If you're shopping for a CPU, you might feel tempted by the newer releases, meaning AMD's Ryzen 7000 and Intel's Raptor Lake. But you're often better off going against the current and picking one of the best processors in terms of value for the money instead of overpaying for something you don't need.

Both Intel and AMD have released plenty of noteworthy CPUs in the past years and months, but two models stand out from the crowd, and you might be surprised to hear that neither belongs to the latest generation — although one of them is as recent as it gets.
Value above all else

Read more
AMD Ryzen 9 7950X3D vs. Intel Core i9-13900K: only one choice for PC gamers
AMD's Ryzen 9 7950X3D inside of its packaging.

The AMD Ryzen 9 7950X3D and Intel Core i9-13900K are undoubtedly two of the best processors you can buy, but they aren't equal. We threw both of the CPUs on the test bench to answer the age-old question: is AMD or Intel better?

Based on our testing, the Ryzen 9 7950X3D wins this bout, mostly on the back of the excellent gaming performance AMD's 3D V-Cache technology brings. Intel's Core i9-13900K still holds up, particularly in productivity apps, but Team Red takes the win this time around.
Pricing and availability

Read more
AMD might finally beat Intel for the fastest mobile gaming CPU
AMD Ryzen 6000 laptop chip.

AMD's Ryzen 9 7945HX, the mobile flagship for this generation, was just spotted in some early benchmarks. The test results show that AMD might be really competitive in gaming laptops this year.

The CPU outpaced its last-gen equivalents by miles, and it kept up with Intel's best processors despite having far fewer cores.

Read more