To the famous Meltdown and Specter of a few years ago, it now seems like a new partner in mischief needs to be added: Hertzbleed. Although this time we did not find a vulnerability that exploits speculative execution. Rather, it affects a different element of processors. Although his solution will require changes in future designs and the existing one in the short term assumes a significant reduction in performance. What is this attack on the security of our PCs?
The difference between Hertzbleed versus Meltdown and Specter is that we have to assume that we are dealing with what is said to be a side attack. Which do not rely on the execution of malicious code inside the computer, but rather seek to obtain information in another way: by analyzing the operation of the hardware. To do this, they use the information that can be obtained from the processor’s measurement systems to find out what is going on inside. Which makes them extremely dangerous as they can get encrypted keys and jeopardize data security.
What is Hertzbleed?
An example of this type of side attack is the DPA type. Which analyze the variations of energy consumption and electromagnetic emissions of the target processor. Then, through statistical methods, it uses this information to obtain secret keys and encryption algorithms. This allows them to steal information without conventional security mechanisms being able to do anything to prevent it.
Today, DPA-type attacks are so precise that even with a large amount of noise obtained have the ability to capture changes in processor logic gates. It therefore only takes a thorough analysis of this data to know how a processor encrypts the information and even what information it contains. The other way in which the information is obtained is in the fact that the consumption of a processor depends on the data processing
Well, Hertzbleed is such a type of attack. Its danger level is high, since the inclusion can reach extract the keys used for data encryption on remote servers. It does this by using dynamic frequency scaling on x86 ISA processors, which are the ones we use on PCs. This feature is what allows a processor to vary its clock speed depending on the workload. That is to say, it is tied to automatic overclocking and Turbo and Boost speeds of many processors.
Does this affect my PC’s processor?
Because it takes advantage of the processor’s ability to temporarily increase the processor’s clock speed, it means that the system within the processor responsible for the clock speed variation has been affected. The easiest way to solve the problem? Disable it, but as you’ll understand that means losing overclocking and even Boost speeds. So the consequences are clear, it’s a general loss of performance. Like in Meltdown and Spectre. Although this time it is a problem of another nature.
As for the processors concerned, this affects all Intel and AMD processors currently on the market. Also, this is not a problem that can potentially only occur on PCs and any system that can change its clock speed on the fly can be affected by similar issues. In any case, we can’t forget that Intel and AMD have been using the same dynamic frequency mechanisms in their processors for years. This will therefore force them to make a profound change in this regard. The problem? We do not know if the Ryzen 7000 will be affected and in the case of Intel it will be necessary to wait for the Intel Core 15 or beyond.
