On Friday, a new attack called PortSmash was announced.  This attack exploits Intel’s Hyper-Threading architecture to steal your data.
Details here: https://www.digitaltrends.com/computing/new-portsmash-attack-allow-attackers-to-steal-encrypted-data/

What do we know so far?

Researchers have uncovered yet another side-channel attack name PortSmash in Intel and AMD CPUs.  All CPUs that have simultaneous multithreading (SMT) architecture and Intel’s Hyper-Threading (HT) technology are affected by the attack.  A PoC code has been published by the researchers to prove this is possible and not just a theory.

For the attack to be successful the malicious code must run on the same CPU core as the legitimate code.  Due to SMT and HT, the code running on one thread can also observe what is happening on other thread, and an attacker could use this behavior to inject malicious code in tandem with legitimate code in order to eavesdrop.  The malicious code will then leak encrypted data in bits and pieces that can be later reconstructed by the attacker.  Intel has released the patch for the same.

What is the Delivery Mechanism?

We are not aware of any delivery mechanism for the malicious code but, from the report it can delivered using regular phishing attack and other mechanisms.

Are Datacenter affected?

Yes, datacenters are affected due to this attack.  The shared model of public datacenter makes this attack quite dangerous: attackers simply rent VMs and run malicious code that run on the same CPU core as the legitimate code to eavesdrop.  Technically, they don’t have to build a delivery mechanism. However, to exploit private datacenter they have to build a delivery mechanism.


Tags: , ,