PortSmash attack exploits Intel’s Hyper-Threading architecture to steal your data

http://s3.amazonaws.com/digitaltrends-uploads-prod/2018/10/samsung-chg90-ultrawide-monitor-review-5481.jpg
Intel

Security researchers from Finland and Cuba have discovered a side-channel attack, known as PortSmash, that affects Intel chips and could allow attackers access to encrypted data processed from a computer’s CPU. The vulnerability exists on chipsets that use simultaneous multithreading (SMT) architecture, so it could also affect AMD chips in addition to Intel chips with Hyper-Threading technology.

Researchers claimed that they notified Intel of the vulnerability at the beginning of October, but the chip-maker did not have a patch ready until the end of the month, the same day that a proof-of-concept code was published on Github to show how the attack would work on Intel’s Skylake and Kaby Lake architectures.

For PortSmash to work, malicious code must run on the same PC using the same processor core as the legitimate code. SMT and Intel’s Hyper-Threading technology allow for codes to run on separate threads simultaneously using the same processor core. This delivers greater efficiency, as more code can be executed at the same time. However, code executed on one thread can also observe what is happening on the other thread, and an attacker could use this behavior to inject malicious code to run in tandem with a legitimate code in order to eavesdrop on the processor. The malicious code will leak out bits of encrypted data that it observed from the legitimate process, allowing an attacker to reconstruct the encrypted data from the leak.

“We detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core,” Billy Brumley, security researcher, and one of the research paper’s authors, told The Register.

Intel has since responded to the findings of Brumley and his team, noting that the issue is not related to already widely-known vulnerabilities like Spectre or Meltdown.

“We expect that it is not unique to Intel platforms,” Intel said. “Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners, and researchers to understand and mitigate any vulnerabilities that are identified.”

Brumley noted that in order for PortSmash to work, the malicious code must run on the same processor as the target machine. Brumley’s team has not tested PortSmash on AMD processors, but the plan is to see if the same kind of attack can happen on Ryzen processors in the future.

Computing

New rumors say the Pixelbook 2 could show up at CES 2019

What will the Pixelbook 2 be like? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.
Computing

Ryzen 3000 CPUs could be the most powerful ever. Here's what we know

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far.
Computing

If Core i5 CPUs are great for most, do you really need the extra power of an i7?

This guide is designed to help you decide whether you need the extra technological enhancements provided by the i7 core, or if the more affordable Core i5 will suit your needs. In the i5 vs. i7 battle, which is best for you?
Computing

Intel's 9th-gen chips could power your next rig. Here's what you need to know

The Intel Core i9-9900K processor was the star of the show for consumers, but a powerful 28-core Xeon processor also led announcements. Here's everything you need to know about the latest Intel chipsets.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement or an unwanted trip to your local repair shop.
Computing

We want every laptop to be as thin as an iPhone. But is it practical?

The Acer Swift 7 is the thinnest notebook you can buy, and it feels like the notebook of the future. But it makes too many compromises along the way, and some weird design choices hold it back.
Computing

You could spend $1,000 on an iPhone, or buy one of these awesome laptops instead

Finding a decent laptop is easy, but finding one under $1,000 is a bit tricky. Luckily, we've taken some of the guesswork out of picking out a budget laptop. Here are some of our favorites, the best laptops under $1,000.
Computing

Don't know what to do with all your old DVDs? Here's how to convert them to MP4

Given today's rapid technological advancements, physical discs are quickly becoming a thing of the past. Check out our guide on how to convert a DVD to MP4, so you can ditch discs for digital files.
Computing

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…
Computing

Supermicro investigation: no spy chips found on our motherboards

Supermicro announced the results of an investigation into the controversy surrounding its motherboards. The investigation was launched in response to reports that alleged the motherboards were compromised with malicious hardware.
Photography

Photographers can now customize the layout of Lightroom Classic controls

Tired of scrolling past Lightroom tools that you don't use? Adobe Lightroom Classic now allows users to reorganize the Develop panel. The update comes along with new sharing options in Lightroom CC, and updates to the mobile Lightroom app.
Cars

Best Products of 2018

Our reception desk has so many brown boxes stacked up, it looks like a loading dock. We’re on a first-name basis with the UPS guy. We get new dishwashers more frequently than most people get new shoes. What we’re trying to say is: We…
Computing

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.