New research shows that malicious actors can steal cryptographic keys from Intel and AMD processors using a side-channel attack known as “Hertzbleed”, Tom’s Hardware reported.
According to the researchers, attackers can steal Advanced Encryption Standard (AES) cryptographic keys by monitoring a computer’s boost frequency and power mechanisms.
Researchers were only able to identify the vulnerability in Intel and AMD processors, but other computers may also be affected.
The report was compiled by researchers from the University of Texas at Austin, the University of Illinois Urbana-Champaign and the University of Washington.
How the Hertzbleed Attack Works
According to the report, this side-channel attack steals data by monitoring the impact of an operation on a system. The attack observes the power signature of a given cryptographic workload, since power signatures vary on different systems.
The attacker can then convert the power information obtained into timing data to steal the cryptographic keys. Attackers can also carry out the Hertzbleed attack remotely.
“Hertzbleed is a new family of side channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.”
Although only Intel and AMD processors have been tested, all modern processors are likely vulnerable because most use a power-management algorithm called Dynamic Voltage Frequency Scaling (DVFS), which hackers can monitor.
The vulnerability affects all Intel processors, as well as AMD’s Zen 2 and Zen 3 system processors.
Intel and AMD react
According to available information, the chip giants have no plans to roll out a firmware patch.
The report advises users to turn off the frequency boost feature. It is known as “Turbo Boost” on Intel and “Precision Boost” on AMD. However, turning it off might affect system performance.
Intel also revealed that it had shared the results of its investigations with other chipmakers for similar evaluations of their systems. It added that the hours required to steal the cryptographic keys could be difficult to achieve except in a lab environment.
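The advice above to turn off frequency boost can be checked on a Linux host. The shell functions below are an added example, not taken from the researchers' report or from Intel or AMD. They assume the standard Linux sysfs files `intel_pstate/no_turbo` and `cpufreq/boost`, and the function names and the optional root-path argument are illustrative.

```shell
#!/bin/sh
# Added example: report whether CPU frequency boost is enabled on Linux.
# To disable boost at runtime (as root, not persistent across reboots):
#   echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo   # intel_pstate
#   echo 0 > /sys/devices/system/cpu/cpufreq/boost           # global boost file

# boost_state [sysfs_cpu_root] -> prints enabled | disabled | unknown
# The optional argument (an assumption, for testing) overrides the sysfs root.
boost_state() {
    root="${1:-/sys/devices/system/cpu}"
    # intel_pstate: no_turbo=1 means Turbo Boost is disabled (inverted sense)
    if [ -r "$root/intel_pstate/no_turbo" ]; then
        case "$(cat "$root/intel_pstate/no_turbo")" in
            1) echo disabled ;;
            0) echo enabled ;;
            *) echo unknown ;;
        esac
        return
    fi
    # acpi-cpufreq and other drivers exposing the global file: boost=0 is disabled
    if [ -r "$root/cpufreq/boost" ]; then
        case "$(cat "$root/cpufreq/boost")" in
            0) echo disabled ;;
            1) echo enabled ;;
            *) echo unknown ;;
        esac
        return
    fi
    # Neither control file is present (other driver, VM, or non-Linux host)
    echo unknown
}

# boost_check [sysfs_cpu_root] -> exit status for use in audit scripts:
# 0 = boost disabled, 1 = boost enabled, 2 = state could not be determined
boost_check() {
    case "$(boost_state "$1")" in
        disabled) return 0 ;;
        enabled)  return 1 ;;
        *)        return 2 ;;
    esac
}

echo "frequency boost: $(boost_state)"
```

A result of `unknown` means the host does not expose either file, so the boost setting has to be confirmed in firmware setup instead.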