Threat Response: Side-channel attack: PortSmash

02-11-2018

In the last couple of hours, news about a new side-channel vulnerability, PortSmash, is coming out [1, 2]. This vulnerability impacts at least Intel CPUs with HyperThreading. It is suspected that AMD CPUs that use SMT (Simultaneous Multi Threading) are also vulnerable, but this has not yet been confirmed.

Description

This vulnerability is a so called side-channel attack. A side-channel attack is an attack where processes running on a computer can read or infer information from the CPU or the memory, by timing operations and checking for minor discrepancies. This information cannot be directly accessed. Some possible discrepancies that could be monitored are power consumption, execution times and in some cases even sound waves.

This is non-trivial, and in this case demands local acces to the machine. That does mean that shared hosting environments could be impacted.

In the case of PortSmash, the fact that SMT offers the capability to run two processes in parallel on a single CPU core, is misused. This capability allows a process to measure execution times of a process that is being run on the same core at the same time. A PoC has been released for this attack [3], and in the coming days the researchers will release a paper. When more information about this vulnerability is released, we will let you know.

Currently, we deem the chance of actual execution of this attack low.

Mitigation

Currently, no other mitigation than turning off SMT on the vulnerable machines.

What will Northwave do?

Currently there are no Indicators of Compromise (IoCs) known for this vulnerability. If any become available, they will be added to the Northwave Detection Platform if feasible. Because of the nature of the vulnerability, this does not seem likely.

If you need additional information you can call us by phone or send us an email.

Phone number: 030-3031244 (during business hours)
E-mail: soc@northwave.nl

Sources

[1]: https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2018-0983+1.00+Kwetsbaarheid+ontdekt+in+Intel+processoren+portsmash.html

[2]: https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/

[3]: https://github.com/bbbrumley/portsmash

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.

Een vraag? Vraag het ons!

Stuur ons een e-mail of bel meteen met + 31 30 303 1240 en vraag naar ons client services team.

0 + 4 = ?

This contact form is deactivated because you refused to accept Google reCaptcha service which is necessary to validate any messages sent by the form.