Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. This is a tricky task as the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.
The team discovered that dynamic voltage and frequency scaling (DVFS) -- a power and thermal management feature added to every modern CPU -- allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries.
The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely. The researchers have dubbed their attack Hertzbleed because it uses the insights into DVFS to expose -- or bleed out -- data that's expected to remain private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs.
The researchers have already shown how the exploit technique they developed can be used to extract an encryption key from a server running SIKE, a cryptographic algorithm used to establish a secret key between two parties over an otherwise insecure communications channel.