Advanced Micro Devices

New PortSmash attack exploits Intel's Hyper-Threading architecture to steal ...


Researchers claimed that they notified Intel of the vulnerability at the beginning of October, but the chip-maker did not have a patch ready until the end of the month, the same day that a proof-of-concept code was published on Github to show how the attack would work on Intel’s Skylake and Kaby Lake architectures.


SMT and Intel’s Hyper-Threading technology allow for codes to run on separate threads simultaneously using the same processor core.


“We detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core,” Billy Brumley, security researcher, and one of the research paper’s authors, told The Register .


Intel has since responded to the findings of Brumley and his team, noting that the issue is not related to already widely-known vulnerabilities like Spectre or Meltdown.


“Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources.


Brumley noted that in order for PortSmash to work, the malicious code must run on the same processor as the target machine.






Powered by Blogger.