PortSmash flaw in Hyper-Threading CPU could allow sensitive data theft
5.11.2018 securityaffairs

A PortSmash side-channel flaw could be exploited with a timing attack to steal information from other processes running on the same CPU core.
PortSmash is a new side-channel vulnerability that could be exploited with a timing attack to steal information from other processes running on the same CPU core with SMT/Hyper-Threading enabled.

A group of researchers from Tampere University of Technology in Finland (Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, and Nicola Tuveri) and the Universidad Tecnologica de la Habana CUJAE in Cuba (Alejandro Cabrera Aldaya) demonstrated that it is possible to steal a private decryption key from an OpenSSL thread running on the same CPU core as the exploit code.

The experts also published a research paper titled “Port Contention for Fun and Profit.”

“We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim (an OpenSSL-powered TLS server in this case),” reads the security advisory.

SMT/Hyper-Threading, or Simultaneous Multithreading (SMT), is a technology that allows multiple threads to be processed in parallel within a single CPU core, with a significant increase in performance.

The researchers detected port contention and used it as a timing side channel to exfiltrate a private key from a process running in parallel on the same CPU core.

“These ports are the object of the discussed port contention. Let’s for example suppose port 5 is used by a victim process during a particular crypto operation: while the victim process is not using port 5, the spy process running on the other thread will have undelayed access to repeatedly execute on port 5; as soon as the victim process issues an operation on port 5, the scheduler will delay ops from the spy process to ensure fairness. The spy process can thus measure the delay in the execution of its operations for port 5, and determine when the victim process is using the same port.

This is the signal that can then be processed to ultimately recover a private key.” – Tuveri told BleepingComputer.

The experts successfully tested this flaw against Intel Skylake and Kaby Lake processors, and they expect it to work on AMD Ryzen processors as well.

“We verified it on Intel Skylake and Kaby Lake, but just because we did not have access to different machines with SMT,” Tuveri added.

“We expect it to work also on AMD Ryzen, but left this to future work.”

The experts also published a proof-of-concept exploit that targets OpenSSL. The maintainers of the library addressed the flaw with the release of OpenSSL 1.1.1.

To mitigate the attack, experts suggest disabling SMT/Hyper-threading on a computer.
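
A defender can check a host for the two conditions described above, SMT being active and an OpenSSL version in the range quoted from the advisory. The script below is an added example, not code from the researchers or the article; it assumes a Linux kernel that exposes the sysfs SMT interface, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a Linux host for the two PortSmash preconditions named above.
# SYSFS may be pointed at a constructed tree for testing (assumption: Linux sysfs).
SYSFS=${SYSFS:-/sys}

# Print 1 if SMT is active, 0 if not, "unknown" if the kernel has no SMT interface.
smt_active() {
    if [ -r "$SYSFS/devices/system/cpu/smt/active" ]; then
        cat "$SYSFS/devices/system/cpu/smt/active"
    else
        echo unknown
    fi
}

# Print each distinct group of logical CPUs that share one physical core.
smt_sibling_sets() (
    for f in "$SYSFS"/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | grep '[,-]' | sort -u
)

# Exit 0 if version <= 1.1.0h (range quoted from the advisory), 1 if newer, 2 if unparsable.
openssl_affected() (
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+[a-z]?$' || exit 2
    letter=$(printf '%s' "$1" | tr -d '0-9.')
    IFS=.
    set -- ${1%"$letter"}
    n=$(( $1 * 10000 + $2 * 100 + $3 ))
    if [ "$n" -lt 10100 ]; then exit 0; fi
    if [ "$n" -gt 10100 ]; then exit 1; fi
    case $letter in ''|a|b|c|d|e|f|g|h) exit 0 ;; *) exit 1 ;; esac
)

# Summarise SMT state, sibling threads and the installed OpenSSL version.
portsmash_report() (
    echo "SMT active: $(smt_active)"
    echo "Logical CPUs sharing a core:"
    smt_sibling_sets | sed 's/^/  /'
    if command -v openssl >/dev/null 2>&1; then
        ver=$(openssl version | awk '$1=="OpenSSL"{print $2}')
        rc=0; openssl_affected "$ver" || rc=$?
        case $rc in
            0) echo "OpenSSL $ver: within advisory range (<= 1.1.0h)" ;;
            1) echo "OpenSSL $ver: newer than advisory range" ;;
            *) echo "OpenSSL version not recognised: $(openssl version)" ;;
        esac
    fi
)
portsmash_report
```

On kernels that provide it, writing `off` to `/sys/devices/system/cpu/smt/control` as root disables SMT until the next reboot.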