A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to extract sensitive protected data, such as passwords and cryptographic keys, from other processes running on the same CPU core when the simultaneous multithreading (SMT) feature is enabled.
The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow.
Discovered by a team of security researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel’s Hyper-Threading technology, the company’s implementation of Simultaneous MultiThreading (SMT).
Simultaneous MultiThreading is a performance feature that works by splitting up each physical core of a processor into virtual cores, known as threads, allowing each core to run two instruction streams at once.
Since SMT runs two threads from two independent processes side by side on the same physical core to boost performance, sharing that core's execution resources, it is possible for one process to infer a surprising amount of what the other is doing.
“We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architectures,” the team says.
“More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core.”
Thus, an attacker can run a malicious PortSmash process alongside a selected victim process on the same CPU core, allowing the PortSmash code to snoop on the operations performed by the other process by measuring the precise time taken for each operation.