Saturday, April 20, 2024

PortSmash – A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers To Steal Sensitive Data

By Guru baran

Researchers discovered a new critical side-channel vulnerability dubbed PortSmash that can allow attackers to steal from other simultaneous process running in the same CPU core with that has SMT/Hyper-Threading enabled.

The Simultaneous multithreading process is to improve the overall efficiency and reduces tile by carrying out a number of parallel computing tasks.

The vulnerability named PortSmash CVE-2018-5407 discovered by a group of researchers Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola
Tuveri from Tampere University of Technology, Finland and
Alejandro Cabrera Aldaya from Universidad Tecnologica de la Habana CUJAE, Cuba.

Researchers tested and confirmed vulnerability with Skylake and Kaby Lake processers, they are able to recover the elliptic curve private key from an OpenSSL-powered TLS server.

We able to detect a port carry out timing side-channel attack to exfiltrate a private key from processes running in parallel on the same CPU core. To exploit the vulnerability root permission is not required, researchers said.

Billy Brumley said, “Our attack has nothing to do with the memory subsystem or caching, the nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures.”

Researchers also published proof-of-concept (PoC) on Github that targets the OpenSSL, the library addressed the flaw in OpenSSL 1.1.0h or lower. the exploit code was written in x64 assembly that runs locally on a vulnerable machine.

“We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim,” reads Security Advisory.

Affected Software/hardware

SMT/Hyper-Threading architectures Skylake and Kaby Lake verified by researchers and they expect to work with AMD Ryzen.

OpenSSL – 1.1.0h & Ubuntu 18.04 affected with the vulnerability.

Fix for PortSmash

To fix the vulnerability researchers suggested upgrading with the OpenSSL 1.1.1 or 1.1.0i to fix the issue.

Related Read

New Method to Establish Covert Channel Communication by Abusing X.509 Digital Certificates

NetSpectre – New Spectre Remote Attack over Network Affected Billions of Devices

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]