Saturday, January 25, 2025
HomeCyber Security NewsPortSmash - A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers...

PortSmash – A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers To Steal Sensitive Data

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered a new critical side-channel vulnerability dubbed PortSmash that can allow attackers to steal from other simultaneous process running in the same CPU core with that has SMT/Hyper-Threading enabled.

The Simultaneous multithreading process is to improve the overall efficiency and reduces tile by carrying out a number of parallel computing tasks.

The vulnerability named PortSmash CVE-2018-5407 discovered by a group of researchers Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola
Tuveri from Tampere University of Technology, Finland and
Alejandro Cabrera Aldaya from Universidad Tecnologica de la Habana CUJAE, Cuba.

Researchers tested and confirmed vulnerability with Skylake and Kaby Lake processers, they are able to recover the elliptic curve private key from an OpenSSL-powered TLS server.

We able to detect a port carry out timing side-channel attack to exfiltrate a private key from processes running in parallel on the same CPU core. To exploit the vulnerability root permission is not required, researchers said.

Billy Brumley said, “Our attack has nothing to do with the memory subsystem or caching, the nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures.”

Researchers also published proof-of-concept (PoC) on Github that targets the OpenSSL, the library addressed the flaw in OpenSSL 1.1.0h or lower. the exploit code was written in x64 assembly that runs locally on a vulnerable machine.

“We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim,” reads Security Advisory.

Affected Software/hardware

SMT/Hyper-Threading architectures Skylake and Kaby Lake verified by researchers and they expect to work with AMD Ryzen.

OpenSSL – 1.1.0h & Ubuntu 18.04 affected with the vulnerability.

Fix for PortSmash

To fix the vulnerability researchers suggested upgrading with the OpenSSL 1.1.1 or 1.1.0i to fix the issue.

Related Read

New Method to Establish Covert Channel Communication by Abusing X.509 Digital Certificates

NetSpectre – New Spectre Remote Attack over Network Affected Billions of Devices

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...