Researchers find yet another security hole in Intel's version of hyperthreading
Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel’s Hyper-Threading (HT) technology that attackers could use to steal users’ encrypted data, as reported by ZDNet today.
Other CPUs that use Simultaneous Multithreading (SMT) technology may also be affected by the bug, but so far only Intel’s HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core. Intel enables two threads per physical core with its HT technology.
MORE THREADS, MORE DANGER
The five researchers found a new vulnerability in Intel’s HT technology that can leak encrypted data from the CPU’s internal processes. They classified the vulnerability as a side-channel attack because attackers could use discrepancies in operation times or power consumption to gain additional information that could help them bypass the encryption of data.
The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT’s parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.
Researchers Exploit Another Intel Hyper
thanks intel
until they find another in AMD as well anyways
Well to be fair
Modern CPUs are like cosmic spaghetti when it comes to complexity
"Intel's version of hyperthreading"
Hyperthreading *is* an Intel branding of SMT, nobody else has hyperthreading but Intel parts. The correct article title would be "Researchers find yet another security hole in Intel's version of SMT"
for all intents and purposes here calling it hyperthreading will do fine lol
I know what hyperthreading is, I know what Intel is.
SMT isn't as common of a term. I wouldn't recognise it.
If you know what "threading" is, it's easy enough to put 2 and 2 together.
Most people who use (not build/design/etc.) computers barely know what a hard-drive or SATA connection is, and they're more likely to deal with that than with whatever details apply to threads vs. cores.
I meant the "SMT" acronym. If you're not aware of it, it's a bit hard to guess from a title.
That's acronyms in general. I work with at least 2 pages of acronyms that, unless you were familiar with them, you'd have no idea what they meant.
POS
KVS
BOS
PED
RFM
MOST
RSM
etc.
I highly doubt this one will be able to be exploited via JavaScript, which means it's primarily a problem for VM cloud hosts. And that's trivially fixed by not running different VMs on different threads on the same core. It'll cost some efficiency but not even much, probably like 30% or so. And stuff that doesn't involve running customer-supplied code doesn't even need that - cloud data mirrors or web hosts should be perfectly fine.
Really we're just re-learning what we've always known - there is no 100% safe way to run untrusted code on your own machine.
https://files.facepunch.com/forum/upload/223311/cfe32b2c-9ec7-474e-9815-7855d130e798/intelshill4.png
DELETE THIS
30% efficiency is a lot when you tell your higherups you need to buy 30% more servers to handle the same load
Not only that, but can we please just stop eating away at my 3770k!? "oh, it's just 5% here, 15% there." Yeah well, then why the fuck would I ever buy the useless fucking thing as a consumer if it's just gonna degrade due to cancerous design?
Send us more bacon or your CPU gets it.
Alright. But I'm marinating it in Whisky. Gotta get you people to lay off the Vodka.
I bet you call linux GNU/Linux
Not really, no. The article title just had sloppy writing and was factually misleading. My only point was that the technique isn't even inherently unique to Intel, and they weren't the first to do it. It's like saying "AMD's version of Radeon graphics" to reference GPUs, and falsely attributes the broader more correct term to a branded property unique to one company.
As for the article content itself, it is a rather interesting exploit and I think that it further reinforces the idea that there is no secure way to execute untrusted code. SMT is a useful feature; we will just have to be more careful in the future about how we partition processor resources in order to prevent these sorts of side-channel exploits from being leveraged as easily.
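The mitigation raised in the thread (not running different VMs on sibling threads of the same core, and partitioning processor resources more carefully) can be audited on a Linux host. The following is an added example, not code from the thread or the researchers: it groups logical CPUs by the kernel's `thread_siblings_list` sysfs file and flags physical cores whose threads are pinned to more than one tenant. The function names, the tenant names and the sample topology and pinning are constructed for illustration, and it assumes each logical CPU is pinned to at most one tenant.

```python
"""Flag physical cores whose SMT sibling threads are pinned to different tenants."""
import glob
import re


def parse_cpu_list(text):
    """Parse the kernel's CPU list format, e.g. '0,4' or '0-1,8-9'."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus


def read_linux_topology():
    """Return {cpu: thread_siblings_list string} from sysfs (empty off Linux)."""
    topo = {}
    for path in glob.glob("/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            topo[cpu] = fh.read()
    return topo


def shared_cores(topology, pinning):
    """Return [(sorted sibling cpus, sorted tenants)] for cores used by >1 tenant."""
    owner = {cpu: tenant for tenant, cpus in pinning.items() for cpu in cpus}
    cores = {frozenset(parse_cpu_list(s)) for s in topology.values()} - {frozenset()}
    findings = []
    for core in sorted(cores, key=min):
        tenants = {owner[c] for c in core if c in owner}
        if len(tenants) > 1:
            findings.append((sorted(core), sorted(tenants)))
    return findings


# Constructed sample: 4 physical cores, 2 threads each (cpu N and N+4 are siblings).
SAMPLE_TOPOLOGY = {n: f"{n % 4},{n % 4 + 4}" for n in range(8)}
# Constructed pinning: vm-a and vm-b end up on sibling threads 1 and 5.
SAMPLE_PINNING = {"vm-a": {0, 4, 1}, "vm-b": {5, 2, 6}, "vm-c": {3}}

if __name__ == "__main__":
    topo = read_linux_topology() or SAMPLE_TOPOLOGY
    for core, tenants in shared_cores(topo, SAMPLE_PINNING):
        print(f"core threads {core} shared by {tenants}")
```

An empty result means no physical core is split between tenants under the given pinning; any finding is a core where one tenant's thread can observe port contention caused by another's.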