Hertzbleed Hacks Target Computer Chips to Steal Sensitive Data

Hertzbleed Hacks Target Computer Chips to Steal Sensitive Data
Published on

Companies should be aware of the new form of cyberattack, Hertzbleed to protect confidential data

The global tech market has recently got terrorized by the new form of cyberattack known as Hertzbleed. It is known as the Hertzbleed computer chip hack that breaches the data privacy concern from the group of cybercriminals. It can read snippets of data from computer chips that can leave cryptography algorithms open to attack by cybercriminals. Hertzbleed has started targeting computer chips to steal sensitive data and gather relevant information from computer systems. Let's hack into the detailed information about this new cyberattack, Hertzbleed, that every company should be careful of.

Hertzbleed cyberattack: The detailed information

Hertzbleed cyberattack is a new advanced form that cybercriminals have started to steal sensitive data by breaching the data privacy concern. It reaps the benefits of the power-saving feature to successfully steal the data efficiently and effectively. The cybercriminals group of Hertzbleed can observe carefully how a computer completes its operations quickly. The observation is needed to determine the current throttling of the CPU by the computer system. This cyberattack enables cybercriminals to extract cryptographic keys from remote servers to breach data privacy policies.

Hertzbleed is a potential and emerging threat to the data privacy of cryptographic software. Cybercriminals can leverage a novel chosen-ciphertext attack for performing the full key extraction through remote timing. It is known for showing that on modern x86 CPU, the power side-channel attacks can be transformed into timing attacks. Hertzbleed even helps to leak cryptographic code through remote timing analysis.

There are two assigned CVE (Common Vulnerabilities and Exposures) systems for tracking Hertzbleed such as CVE-2022-23823 as well as CVE-2022-24436. The root cause is known as the dynamic voltage and frequency scaling (DVFS) for decreasing the power consumption as well as ensuring the system stays below the power and thermal limits. DVFS is known for relying on power consumption as well as processed data. it is also the power management throttling feature in modern CPUs or computer chips. This new security vulnerability has started affecting all types of modern Intel as well as AMD CPUs. It lets cybercriminals steal encryption keys with a side-channel attack.

Cybercriminals can observe the power signature of any cryptographic key. It enables the cybercriminals to convert the power signature into timing data. It has affected all Intel processors and AMD's Zen 2 and Zen 3 processors or microarchitectures. There are thousands of servers that will store and process relevant information while archiving data and running the services that one uses daily. This new cyberattack on computer chips can affect multiple products such as mobile, desktop, Chromebook, server CPUs, and many more.

Potential solutions to stop the attack on computer chips

Hertzbleed is known to be created by a research group from the University of Texas, the University of Illinois Urbana-Champaign, as well as the University of Washington. There is no solution for the new advanced cyberattack to prevent the data privacy breach. It depends on the normal operation of a computer chip feature and that can be tricky to provide a solution. There can be one potential solution — turning off the CPU throttling features on all computer chips — but it will create a huge impact on the performance.

There are different modes for developers to pave through the power analysis-based side-channel leakages in this modern cyberattack. Developers can use masking, hiding, key-rotation, and many more. The disabling frequency boost feature can also help to mitigate the new computer chip attack. Intel has named the frequency boost feature Turbo Boost while AMD has called it Turbo Core.

More Trending Stories 

Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp

                                                                                                       _____________                                             

Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.

Related Stories

No stories found.
logo
Analytics Insight
www.analyticsinsight.net