Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Intel Security

Intel CPUs Impacted by New PortSmash Side-Channel Vulnerability (zdnet.com) 116

Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPU's internal processes. From a report: The new vulnerability, which has received the codename of PortSmash, has been discovered by a team of five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba. Researchers have classified PortSmash as a side-channel attack. In computer security terms, a side-channel attack describes a technique used for leaking encrypted data from a computer's memory or CPU, which works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recovering the CPU's processed data. Researchers say PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core. [...] Researchers say they've already confirmed that PortSmash impacts Intel CPUs which support the company's Hyper-Threading (HT) technology, Intel's proprietary implementation of SMT.
This discussion has been archived. No new comments can be posted.

Intel CPUs Impacted by New PortSmash Side-Channel Vulnerability

Comments Filter:
  • PortSmash impacts Intel CPUs which support the company's Hyper-Threading (HT) technology, Intel's proprietary implementation of SMT.

    Never liked Hyper-Threading. It always seemed like a fishy hack — and now my irrational fears have been "substantiated" by Finnish and Cuban academics...

    • by alvinrod ( 889928 ) on Friday November 02, 2018 @11:21AM (#57581170)
      It's not a bad idea in general and it certainly made a lot of sense when Intel introduced it since the number of stages in their CPUs' pipelines were massive (eventually ~30 with the last generation of P4 chips) and adding the functionality cost very little in terms of additional die space for the performance boost you would get.
      • by mi ( 197448 )

        adding the functionality cost very little in terms of additional die space for the performance boost you would get

        What "performance boost"?..

        • Re: (Score:2, Informative)

          by Anonymous Coward

          SMT adds the ability to achieve about a 30% overall system performance gain at the cost of a mere 10% additional die space.
          As far as design choices go and economics, it's a very solid choice to make.

          Overall system throughput is of course load-dependent.
          Neither multiple cpus, multiple cores, nor multiple contexts will help a single threaded workload just the same.

          • by Bert64 ( 520050 )

            Only when your code is inefficient and causing pipeline stalls, if your code is well optimized then SMT is more likely to cause a performance loss.

            • by gman003 ( 1693318 ) on Friday November 02, 2018 @03:12PM (#57582602)

              Some code can't be compute-bound, no matter how well written. Stuff with very random memory access patterns, for example - 3D particle systems are notorious for this. While one thread is blocked on a LLC or RAM read, the other has full use of the core.

              Some code can also be very optimized for SMT. It's rare to have two threads using almost exclusively separate execution units of a core, but if your problem is naturally divisible in such a way, you can get a full 100% performance improvement. Think a Huffman decoder feeding data to some kind of SIMD floating-point number crunching - one thread's using mostly shifts and integer math, the other's using SSE, and SMT will let both run simultaneously.

              • Isn't something with very random memory access patterns most likely limited by ram throughput anyway?
    • by HiThere ( 15173 )

      I've never liked hyperthreading either, but in my case it's because it didn't optimize things correctly for me. I want genuinely separate multi-processor systems that can communicate rapidly with each other. And rather than fancy instruction sets, I'd be satisfied with a 64 bit version of the z-80...plus a few to handle interprocessor communication.

      OTOH, I realize that my proposed task-load is substantially different from the most common case.

  • Spectre, Meltdown, a few others I forgot, and now this one. Okay security fearmongering douches, I just have one fucking question. If all this shit is so bad, where are the exploits for SSH? The phrases "tempest in a teapot" and "much ado about bullshit" come to mind. Why aren't there worms ravaging the internet and pwning every intel-based router and host machine on the net? Perhaps because all these TLB exploits and crypto hand wringing make for much better copy on some wired article than they make resear
    • by iggymanz ( 596061 ) on Friday November 02, 2018 @11:14AM (#57581120)

      Stupid point of view, you're saying we have to wait until some no-goodnick exploits a known and proven weakness before we lift a finger to do anything? No, they need to be fixed before something bad happens. some of us are responsible for machines that handle billions of dollars, we can't take your lazy attitude

      • by Seven Spirals ( 4924941 ) on Friday November 02, 2018 @11:22AM (#57581176)
        No, I'm not saying take no action, I'm saying don't tell me it's the end of computing unless it really is. Quit acting like all these *potential* vulnerabilities amount to anything but a "possible fear". They aren't fully-formed threats, they are nebulous bullshit until they can be shown to be something else. Also, this shit has been going on all through 2018 if it's so bad that we all need to prepare so much, then why haven't ANY of these flaws really resulted in 4/5ths of 5/8ths of FUCK ALL?
        • by Anonymous Coward

          Relax. It's an ongoing war, and the doomsday scenario you're hoping for might indeed happen.

          The way software works, you don't just have one surface area that can be attacked like popping a balloon. It's more like an onion composed of many stacked layers. Some of these vulnerabilities are serious because they're either lower level, in hardware or code that we thought was well-tested for years or even decades, and other times they're serious because there's no quick and fast workaround that doesn't cause it

          • "If you do nothing, it'll be definitely catastrophic." I hear this argument a lot these days. Still sounds like bullshit. Nobody gets rich betting on the end of the world.
          • by postbigbang ( 761081 ) on Friday November 02, 2018 @12:17PM (#57581550)

            It's not really a war, it's more intrigue and economy

            The state actors will try to have the exploits first. They'll pay mightily to have them, and let them do work quietly for a long time. I suspect they're already at work. Because of the problem in AMD's PSP chips, some exploits will never be detected, ever, only blindly wiped at some point.

            Other exploits will try to be quiet and quietly unobtrusive for as long as possible. Then there'll be a leak or a copycat found, and available on an onion address for a short while at a slowly degrading price, until someone buys and exposes it, and then there will be a fury of patching until variants of that bug come alive, while other bugs are sitll in stage one or two.

            Don't believe nothing's going on. We're just in the quiet stage, until someone either screws up and lets their EK become revealed, or a handy packet snifter starts alarming someone to a rogue somewhere. Then something at stage one will go to stage two. That's how this works.

          • Not really.... only sometimes. I definitely remember days where flaws followed up minutes, hours, or days later with REAL exploits. The rpc.statd exploits were that way and so were Samba 2.x flaws. It didn't take 11 months for someone to "unwrap the onion", more like 11 minutes for actual flaws that aren't made up of pure fear and unicorn farts.
    • by crow ( 16139 ) on Friday November 02, 2018 @11:15AM (#57581122) Homepage Journal

      Those were big bugs, and they have real impacts. Not all impacts allow remote exploit. For home users, the impact is to change any remote exploit that gains user privileges into one that gains root privileges. That's important, but not a disaster.

      Where the real disaster is is in virtualized systems. That class of exploits allows you to potentially hack from one VM into another running on the same physical hardware. That's a disaster for cloud providers, but fortunately, they have professional IT teams that can stay on top of required patches, to the extent that they are able to do so. Unfortunately many of the patches may need to be done inside the user-controlled VMs.

      This sounds like a somewhat similar bug in that if you can execute on one hyperthread, you can figure out what is going on on the other one on the same core (or at least I suspect that's it--I didn't read the article). Again, that's bad for virtualized systems, but not that serious for most home users. It does potentially blow a big hole in the security for whole-disk encryption and things like that, which some people are going to be very concerned about.

    • While this is obviously a trolling attempt, the fact is that there is an element of truth in it. An example: we have been told for years now that RSA-1024 is insecure, and that it should have been ditched long ago. In truth, no RSA-1024 certificates have been compromised because an RSA-1024 has been broken. The largest RSA keys that have been brute-forced were RSA-768 a few years. After many months of work on many different systems in the network. I.e. after a huge effort, that nobody has so far attempted t

      • I don't dispute what you said, it's correct, however, I do want to point out a few things.

        we have been told for years now that RSA-1024 is insecure, and that it should have been ditched long ago

        If someone told you it's insecure, then they should have preceded it with, "in some situations". And you hit on the reason a bit further in your comment, here.

        If the bad guys/government agencies really wanted your data (which they probably don't anyway) they have far more efficient, faster, cheaper and better methods at their disposal to obtain it

        But brute-forcing it is also an option for State sponsored cracking efforts. And indeed, for most folks, RSA-1024 is good enough unless you're targeted. At least right now. But the timelines for when to retire a given RSA strength was based mostly on Moore's

    • ...it's just not materializing.

      :-) How do you know that?

      • Well, running thousands of Internet-legal IP hosts, managing firewalls & NIDS across dozens of sites globally, and finally having a shitton of Intel servers gives me at least some idea. Is some uber-hacker sitting on a secret unused megaspoit? Sure, maybe, or maybe they have an even worse method. However, that's an argument like "How do you know there is no God?" It's tough to disprove anything completely. However, some of us are pragmatists and not "security experts" with vivid imaginations about what
  • Do not buy the new 2018 top-of-the-line i7 Mac mini, the i3 and i5 options without hyper-threading are safer. Got it.

    • Hyperthreading usually can be shut off in BIOS, why not do that if you're worried and your apps don't need it? my apps certainly don't benefit from it much...

      • Re:So... (Score:4, Informative)

        by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday November 02, 2018 @11:20AM (#57581162) Homepage Journal

        Hyperthreading usually can be shut off in BIOS, why not do that if you're worried and your apps don't need it? my apps certainly don't benefit from it much...

        No BIOS on Macintoshes. And no other way to permanently disable HT, AFAICT. You can disable it with Instruments.app and probably with sysctl. (I do not own a Mac with an Intel CPU, I just googled.)

        • "To be clear, Macs don't have a BIOS, they have an EFI." I know fuck all about macs, but you got me curious. Then I realized after 2 clicks you were being pedantic as usual.

          • EFI and UEFI are both a form of BIOS. BIOS is not "BIOS" unless you're on an old IBM PC.

            Compaq stole BIOS from IBM and basically revolutionized the industry. No, Compaq did NOT develop a compatible implementation in a clean room scenario. No fucking way. Yes, I know they won in court. No, I'll still never believe that load of horse shit.

            The BIOS you have today is not IBM's BIOS, but a basic input/output system used for low level setup, hardware initialization, etc. EFI and UEFI are simply modern versi

            • Comment removed (Score:5, Informative)

              by account_deleted ( 4530225 ) on Friday November 02, 2018 @01:07PM (#57581834)
              Comment removed based on user account deletion
              • by flygeek ( 460427 )

                Not to mention that IBM provided the source code for the BIOS in the extended manual kit, so Compaq had a good idea of what they were not supposed to copy...

                • Compaq claims they produced a compatible BIOS without even so much as taking a peek under the covers. Absolute horse shit.

                  • Compaq claims they produced a compatible BIOS without even so much as taking a peek under the covers. Absolute horse shit.

                    Those BIOSes were stunningly simple. They hardly did anything because they hardly had anything to do. The 5150 PC had one bus, with little more than a keyboard controller and a floppy controller on it, plus whatever primitive display card you had — mine didn't even have graphics when I got it, just a text-only display card. The original BIOS didn't even know how to talk to a storage controller other than a floppy, though my PC had upgraded ROMs that would do it.

                    It's not hard to imagine that Compaq cou

              • You're missing the point entirely. They're all BIOS. They all serve the same purpose and function that BIOS does. Saying EFI and UEFI have nothing in common with Coke is like saying Pepsi has nothing in common with Coke, while failing to realize you're in Atlanta and Coke is the common term for all cola. Just because a given EFU / UEFI doesn't support the same hardware as a given BIOS does, doesn't mean EFI and UEFI and BIOS are fundamentally different.

                It has EVERYTHING to do with the IBM PC because Com

    • wait for the 2020 mac pro with amd!

  • by xluap ( 652530 ) on Friday November 02, 2018 @11:23AM (#57581182)

    If a hyperthread can spy on the other hyperthread that runs on the same core, it is possible to disable hyperthreading.

    However, the next exploit will be that one core can spy on another core. This is possible because all cores use the memory subsystem including the L3 cache that is shared between all cores.

  • So (Score:4, Funny)

    by Impy the Impiuos Imp ( 442658 ) on Friday November 02, 2018 @11:41AM (#57581288) Journal

    The aliens in Independence Day never stood a chance.

  • How does this exploit work in practice? Do you have one legitimate process doing encryption/decryption while another process tries to get itself hyperthreaded with the first in order to spy on it?

    Why not have HT available only for threads of a single process? That would stop two unrelated programs from sharing the same core simultaneously.

  • In lay terms, the attack works by running a malicious process next to legitimate ones using SMT's parallel thread running capabilities.

    Once again, we are presented with an 'exploit' that requires one to have compromised the target already, rendering this as a "Why bother? You're already inside."

    This feels more like bashing Intel than anything else at this point.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...