Skip to main content

PortSmash attack exploits Intel’s Hyper-Threading architecture to steal your data

http://s3.amazonaws.com/digitaltrends-uploads-prod/2018/10/samsung-chg90-ultrawide-monitor-review-5481.jpg
Intel

Security researchers from Finland and Cuba have discovered a side-channel attack, known as PortSmash, that affects Intel chips and could allow attackers access to encrypted data processed from a computer’s CPU. The vulnerability exists on chipsets that use simultaneous multithreading (SMT) architecture, so it could also affect AMD chips in addition to Intel chips with Hyper-Threading technology.

Researchers claimed that they notified Intel of the vulnerability at the beginning of October, but the chip-maker did not have a patch ready until the end of the month, the same day that a proof-of-concept code was published on Github to show how the attack would work on Intel’s Skylake and Kaby Lake architectures.

Recommended Videos

For PortSmash to work, malicious code must run on the same PC using the same processor core as the legitimate code. SMT and Intel’s Hyper-Threading technology allow for codes to run on separate threads simultaneously using the same processor core. This delivers greater efficiency, as more code can be executed at the same time. However, code executed on one thread can also observe what is happening on the other thread, and an attacker could use this behavior to inject malicious code to run in tandem with a legitimate code in order to eavesdrop on the processor. The malicious code will leak out bits of encrypted data that it observed from the legitimate process, allowing an attacker to reconstruct the encrypted data from the leak.

“We detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core,” Billy Brumley, security researcher, and one of the research paper’s authors, told The Register.

Intel has since responded to the findings of Brumley and his team, noting that the issue is not related to already widely-known vulnerabilities like Spectre or Meltdown.

“We expect that it is not unique to Intel platforms,” Intel said. “Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners, and researchers to understand and mitigate any vulnerabilities that are identified.”

Brumley noted that in order for PortSmash to work, the malicious code must run on the same processor as the target machine. Brumley’s team has not tested PortSmash on AMD processors, but the plan is to see if the same kind of attack can happen on Ryzen processors in the future.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
The compact Dell XPS 13 is on sale for one of the lowest prices we’ve seen
Dell XPS 13 9345 front view showing display and keyboard.

The Dell XPS 13 used to go on sale all the time, and was often included in some of the best laptop deals. That hasn’t happened for a bit. However, today we spotted the Dell XPS 13 with Snapdragon X Elite processor at a huge discount. Usually, it's $1,300, but right now you can buy it for $1,000 saving you $200. Ideal for anyone who desires excellent style and form, this Dell XPS 13 makes for a solid last-minute purchase before the holidays. It's also extra compact and portable while still being suitably powerful for work and school. Here’s all you need to know about it before you tap the buy button below.

Why you should buy the Dell XPS 13
Our Dell XPS 13 review explains all you need to know about the system in-depth. Simply put, it provides excellent build quality, it’s thin and light, has great battery life, and provides exceptional performance too. We really love the compact and lightweight design that serves the portable nature well. You can take it and use it virtually anywhere. That makes it so great for school, work, or some productive tasks.

Read more
Best laptop deals: Save on the Dell XPS 14, MacBook Pro 16 and more
The Dell XPS 14 on a white table with the screen open.

There are a lot of great laptop options out there, especially with some of the best laptop brands out there starting to branch out beyond what they are usually known for. That means that you can snag anything from an excellent 2-in-1 to a gaming laptop while still finding excellent deals. Of course, you don't need the best laptops to get something that's pretty great quality and can even compete with desktop computers, so if you want something budget-oriented, you're in luck.
That's why we've gone out and collected these deals from the best brands; you'll find HP laptop deals, Dell laptop deals, Acer laptop deals, Lenovo laptop deals, and more. They run the gamut from Chromebook deals and 2-in-1 laptop deals to powerful gaming laptop deals and everything in between.

HP Chromebook 14a -- $220 $320 31% off

Read more
This 17-inch HP Envy laptop is $380 off today
The opened HP Envy 17t-da000 with an abstract background.

Sometimes, all you need is a classic laptop with a tried and true reputation. Combining power and performance, HP is a brand that delivers consistently good laptops, which is why we’re glad to shine a light on this offer: For a limited time when you order the HP Envy 17t Laptop through the manufacturer, you’ll save $380. At full price, this model sells for $1,150.

Why you should buy the HP Envy 17t Laptop
There’s nothing like a solid Windows PC to get you through a work or school day (we also have a list of great student laptop deals!). The HP Envy 17t is also a great laptop to chill out with at the end of a long shift. Under the hood, this Envy 17t configuration runs an Intel Core Ultra 5 with Intel Arc Graphics, 16GB of RAM, and 512GB of storage. You’ll also get a 17.3-inch IPS screen that brings 1920 x 1080 resolution and 300-nit peak brightness levels to the table.

Read more