Please don’t panic

Please don’t panic. According to Intel, Hertzbleed processor vulnerability is unlikely to affect the majority of users.

Technology security researchers look more like zombie scientists in the movies. Although their work is important in theory, it seems like a lot of fun to explain. It’s a bit like we poke around computers trying to find new ways of attacking them. The Hertzbleed vulnerability is the current topic of conversation in the technology industry. It’s not necessary for most people to be concerned.

Hertzbleed is the result of a collaboration between several university research teams. It has been published separately before a security symposium. It is possible to study how modern CPUs adjust their core frequencies to see what they’re computing.

This could allow a program to steal cryptographic keys. Side-channel attacks can be carried out without the need for intrusive install programs that are often associated with viruses, ransomware, and other dangerous stuff. This could be used for anything, from encrypted data to passwords and even cryptocurrency.

Hertzbleed, a frequency scaling technique that is highly efficient, has a wide range of applications. This can be affected by all modern Intel processors as well as multiple generations of AMD processors. It may have worked on some CPUs from the past ten years, but it is unlikely.

However it’s not very efficient

Were you afraid? Even though you do not have access to the most sensitive personal information, it is impossible to handle other personal information stored on your mobile or laptop. Hertzbleed is an efficient and intelligent way to steal access data. Intel claims that it could take several hours to observe CPU scales in order to detect and steal cryptographic keys. This is even if the power monitoring technique described in the paper is replicated.

Although it is possible for someone to use Hertzbleed in the future to steal data, only the target and technical ability required will allow us to avoid the risk to those most vulnerable to sophisticated attacks. These are government agencies, crypto exchanges and mega-corportations. However, everyday employees may also be at risk of access credentials.

Because side-channel attacks are widespread and require a lot of complexity, neither Intel or AMD offer patches to fix the chips’ physical vulnerabilities. I cannot find any basic CPU system that would be suitable for universal use. On Friday, Jerry Bryant (senior director of security) stated that a basic CPU system was not available for universal computing. This issue is interesting from a research perspective.

However, we don’t believe this attack is practical. These types of attacks are known, even if they use a specific method. This is why high-security environments have been able to explain their nature. Bryant said that cryptographic technologies that have been hardened against power-side-channel attacks are not susceptible to this problem.

AMDs Precision Boost

There are many other ways to stop the attack. The attack can be stopped by disabling Intels Turbo Boost and AMDs Precision Boost. This will prevent frequency scaling but also provides huge performance. It is possible to fool an observer with random adjustments to power scaling and artificial noise to cryptographic sequences. These options will be explored by software developers with high security budgets.

The actual threat to the average user is very close to zero. Hertzbleed, the new attack vector, has not yet been discovered. This means that your average user with Windows or MacOS will not be the most likely target.