Hertzbleed has been made public today as a new family of side-channel attacks making use of frequency side channels. Both Intel and AMD have issued security advisories as a result.
Hertzbleed is self-described as:
Hertzbleed takes advantage of our experiments showing that, under certain circumstances, the dynamic frequency scaling of modern x86 processors depends on the data being processed. This means that, on modern processors, the same program can run at a different CPU frequency (and therefore take a different wall time) when computing, for example, 2022 + 23823 compared to 2022 + 24436.
Hertzbleed is a real, and practical, threat to the security of cryptographic software. We have demonstrated how a clever attacker can use a novel chosen-ciphertext attack against SIKE to perform full key extraction via remote timing, despite SIKE being implemented as “constant time”.
First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface. The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second).
Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. The result is that current industry guidelines for how to write constant-time code (such as Intel’s one) are insufficient to guarantee constant-time execution on modern processors.
Intel’s security disclosure states that “all” Intel processors are affected, while the researchers verified that the past several generations are affected. Intel recommends that software developers follow its new guidance to harden their libraries and applications against frequency throttling information disclosure.
Intel has issued a security advisory for Hertzbleed with all Intel CPUs affected.
AMD’s security advisory isn’t yet public, but it’s known that at least Zen 2 and Zen 3 are affected. Other CPU architectures have not been verified yet but may be affected given their similar approach to frequency scaling.
Aside from hardening your cryptographic software, there isn’t a workaround/solution for Hertzbleed besides disabling TurboBoost / Turbo Core / Precision Boost functionality.
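To audit whether that boost functionality is currently active on a Linux host, the following added example (not from the article, Intel, AMD or the researchers) reads the two standard cpufreq sysfs switches. It assumes a Linux system; the function name `boost_state` and its optional root-directory argument are illustrative choices, the latter so the check can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report whether CPU frequency boost (Turbo Boost, Turbo Core,
# Precision Boost) is enabled, using the Linux cpufreq sysfs interface.
# boost_state and its argument are illustrative names, not from the article.
#
# The two switches have opposite polarity:
#   intel_pstate/no_turbo : 1 = boost disabled, 0 = boost enabled
#   cpufreq/boost         : 0 = boost disabled, 1 = boost enabled

boost_state() {
    # Optional $1 overrides the sysfs root so a constructed tree can be checked.
    root="${1:-/sys/devices/system/cpu}"
    pstate="$root/intel_pstate/no_turbo"
    generic="$root/cpufreq/boost"

    if [ -r "$pstate" ]; then
        # intel_pstate driver is loaded
        case "$(cat "$pstate")" in
            1) echo disabled ;;
            0) echo enabled ;;
            *) echo unknown ;;
        esac
    elif [ -r "$generic" ]; then
        # acpi-cpufreq and other drivers exposing the global boost file
        case "$(cat "$generic")" in
            0) echo disabled ;;
            1) echo enabled ;;
            *) echo unknown ;;
        esac
    else
        # Neither file present: no boost control exposed by this driver,
        # or the check is running somewhere without cpufreq (VM, container)
        echo unknown
    fi
}

printf 'CPU frequency boost: %s\n' "$(boost_state)"
```

Writing `1` to `no_turbo` or `0` to `boost` as root changes the setting until the next reboot; a firmware setting is needed to make it permanent.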
More details on this new vulnerability at Hertzbleed.com. Researchers from the University of Illinois Urbana-Champaign, University of Texas at Austin, and University of Washington have been working on Hertzbleed since last year.