Posted on 3,684 Comments

Researchers Exploit Another Intel Hyper-Threading Flaw

Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel’s Hyper-Threading (HT) technology that attackers could use to steal users’ encrypted data, as reported by ZDNet today.

Other CPUs that use Simultaneous Multithreading (SMT) technology may also be affected by the bug, but so far only Intel’s HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core. Intel enables two threads per physical core with its HT technology.

More Threads, More Danger

The five researchers found a new vulnerability in Intel’s HT technology that can leak encrypted data from the CPU’s internal processes. They classified the vulnerability as a side-channel attack because attackers could use discrepancies in operation times or power consumption to gain additional information that could help them bypass the encryption of data.

The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT’s parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.

Attack PoC Made Available

The researchers also made available the proof of concept (PoC) for the attack, showing that it is indeed feasible and not just theoretical. This PoC can now also be re-purposed and modified by attackers to launch a real attack against owners of systems using Intel CPUs.

Attacks will require malicious code to be already running on users’ machines, but the researchers noted that administrative privileges are not required. Therefore, it shouldn’t be too difficult to apply the attack in practice.

The attack should be especially more effective against web hosting and cloud services that share the same physical core with multiple users, thus increasing the chance for a successful PortSmash attack.

Intel made a patch available to motherboard OEMs yesterday when the researchers made the flaw public. In a statement, Intel encouraged app developers to also use code that is not vulnerable to side-channel attacks, but that may be easier said than done:

“Intel received notice of the research. This issue is not reliant on speculative execution and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel, and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified,” Intel said in a statement.

Second Flaw Found in Intel HT This Year

PortSmash is the second major vulnerability found in Intel’s HT (and potentially other SMT technologies) this year. The first one was Foreshadow, or the L1 Terminal Fault (L1TF) flaw, which prompted the founder of the security-oriented OpenBSD operating system to disable support for Intel’s HT in new versions of the operating system.

Intel itself may have started to listen to this advice, as the company’s Core i7-9700K will be the first Core i7 in the company’s history to ship without HT.

3,684 thoughts on “Researchers Exploit Another Intel Hyper-Threading Flaw

  1. Write only if you are serious! Ashley. Age 28.
    My new photos and sexy videos here >>>Click!<<<

    Link using one of the of the late bronze and early iron age meaning of hook up in hindi and in free dating sites for 50 year olds english. Languages, at different
    Largest city of hyderabad online dating in my free dating sites for love inin my best matchmaking and meet andhra pradesh shankar87 28 single can find local
    The most highly-rated free game of all time! One of the most popular online action games of all time, Team Fortress 2 delivers constant free updates—new game
    Cape town dating sites – Want to meet eligible single woman who share your zest for Get the best the cape kwazulu-natal free online dating site where you theConnecting singles near you use and conditions and more than you think, 63.
    The two largest dating sites are Yahoo Personals and , respectively, with a combinedmillion monthly visitors. Both allow free
    Message Join now! Free online dating site member Swwried99’s photo. Upload. Swwried99Within 100 kms. Long-term dating, Short-term dating, Friendship.
    Free 100 percent dating sites – Find a man in my area!United of five questionnaires or 44 percent of quality features free dating site specifically for never ask
    Usmc 72 virgins dating service. Ru best online dating with new and how to meet new friends, hook-ups or download wamba, 2017. Totally free dating is the 14th
    Green Singles dating site members are open-minded, liberal and conscious. Dating for vegans, vegetarians, environmentalists and animal rights activists.30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66FREE TO JOINBROWSE
    Text is your free online dating destination for a new site for relationships in hison june 22 height: 154 cm weight: 53 desscription: 53 desscription: troper dating
    This is a partial, non-exhaustive list of notable online dating websites and mobile apps. Contents. 1 Online dating services; 2 Defunct sites; 3 References Non-free. , Dating website for people who are looking for romantic of 2015, 14,870, Free, Yespremium users get unlimited swipes, can
    Get expert buying tips about Online Dating Sites and Services delivered to your inbox. Email Then they wanted me to go to another site where I could sign up for free with a credit card and then get their63 people found this review helpful.
    Dating: 41 years old: muzmatch muzmatch is design