Side-Channel Vulnerability Could Be Exploited to Steal Data
A new side-channel vulnerability, dubbed PortSmash, uses a timing attack to steal information and other processes running in the same CPU core with SMT/Hyper-Threading enabled. SMT/Hyper-Threading is a technique to improve the efficiency of CPUs by allowing two logical cores to run separate processes at one time. Researchers used this attack to steal the private decryption key from an Open SSL thread running in the same core as the exploit code. The researchers successfully exploited this vulnerability against Intel Skylake and KabyLake processors and expect it to also work against AMD Ryzen processors. The NJCCIC recommends reviewing the security advisory and white paperreleased by the researchers and upgrade to OpenSSL 1.1.1, apply the patch to other OpenSSL versions, or disable SMT/Hyper-Threading in the bios.