
Thread: Side-channel vulnerability called PortSmash detailed

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    Side-channel vulnerability called PortSmash detailed

    Researchers used this vulnerability as a vector to steal private decryption keys.

  2. #2
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Requiring it to be run on the same core as the target is a massive stretch. Not sure how much risk I would associate with this vulnerability.

  3. #3
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by Tabbykatze
    Requiring it to be run on the same core as the target is a massive stretch. Not sure how much risk I would associate with this vulnerability.
    Yeah, I was thinking this... It's not exactly the biggest vulnerability in the world ever.

  4. #4
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,042
    Thanks
    3,909
    Thanked
    5,213 times in 4,005 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: Side-channel vulnerability called PortSmash detailed

    No bother, since Intel has switched off SMT for almost its whole consumer range now - what a coincidence (sorry for the cheap shot).

    I wonder if Ryzen is affected??

  5. #5
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by CAT-THE-FIFTH
    I wonder if Ryzen is affected??
    Sounds like they think it will be. Guessing they went for the easy option first by hacking Intel and then decided to move on to AMD.

    Another cheap shot.

  6. #6
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,042
    Thanks
    3,909
    Thanked
    5,213 times in 4,005 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by philehidiot
    Sounds like they think it will be. Guessing they went for the easy option first by hacking Intel and then decided to move on to AMD.

    Another cheap shot.
    I know just the people!!

  7. #7
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by CAT-THE-FIFTH
    I wonder if Ryzen is affected??
    Not sure how much it will be affected, because of the way they handle inter-core and thread security, but we will have to see what they come out with. Because this is not a speculative execution vulnerability but is instead inside the core's thread handling, it could be.

  8. #8
    Member
    Join Date
    Jun 2014
    Posts
    100
    Thanks
    0
    Thanked
    10 times in 9 posts

    Re: Side-channel vulnerability called PortSmash detailed

    I get that it's important to say that it could affect other SMT implementations, and AMD is the only other real player with SMT, but mentioning AMD in the first sentence and saying "other architectures featuring SMT, especially AMD Ryzen systems, are also vulnerable to PortSmash style exploits" is misleading. The results are only about Intel, and there's nothing about Ryzen's SMT implementation that makes it 'especially' vulnerable other than it has SMT. Using the word 'especially' instead of 'like' changes the context from "possibly also affects other SMT implementations, which include AMD" to "AMD's SMT implementation will be affected more than others".

    Not making any accusations, but if I wanted to get hold of a brown envelope stuffed with cash I might just start writing articles about CPUs and just wait for the guy in the trench coat to turn up. Or maybe I could start benchmarking CPUs? Or maybe I could open up a security analysis lab? I reckon Intel spend more on "creative marketing" than R&D; that's why they haven't cracked 10nm!

  9. #9
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by EN1R0PY
    I get that it's important to say that it could affect other SMT implementations, and AMD is the only other real player with SMT, but mentioning AMD in the first sentence and saying "other architectures featuring SMT, especially AMD Ryzen systems, are also vulnerable to PortSmash style exploits" is misleading. The results are only about Intel, and there's nothing about Ryzen's SMT implementation that makes it 'especially' vulnerable other than it has SMT. Using the word 'especially' instead of 'like' changes the context from "possibly also affects other SMT implementations, which include AMD" to "AMD's SMT implementation will be affected more than others".

    Not making any accusations, but if I wanted to get hold of a brown envelope stuffed with cash I might just start writing articles about CPUs and just wait for the guy in the trench coat to turn up. Or maybe I could start benchmarking CPUs? Or maybe I could open up a security analysis lab? I reckon Intel spend more on "creative marketing" than R&D; that's why they haven't cracked 10nm!
    Looks like the wording may have been changed as now it just says "and possibly AMD".

  10. #10
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: Side-channel vulnerability called PortSmash detailed

    It will almost certainly affect AMD CPUs, as it basically makes use of a vulnerability that's been known about for over a decade: if you attempt to use the same resource, you can detect a conflict through timing differences. It's more to do with bad code than bad hardware, as the storing of cryptography stuff shouldn't have an effect on the code you're running.

  11. #11
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts

    Re: Side-channel vulnerability called PortSmash detailed

    When I read it I got the impression that the people who had done it were fairly confident it could translate across to AMD but frankly, the whole thing is probably beyond my understanding.

    A computer scientist was trying to teach me how to use logic gates to build an adder.

    I asked how you make chips slither.

    He stopped trying to teach me soon after.

  12. #12
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by Corky34
    It will almost certainly affect AMD CPUs, as it basically makes use of a vulnerability that's been known about for over a decade: if you attempt to use the same resource, you can detect a conflict through timing differences. It's more to do with bad code than bad hardware, as the storing of cryptography stuff shouldn't have an effect on the code you're running.
    It will affect the technology, but AMD may have already got security implementations in place to prevent cross-thread access. As with Spectre and Meltdown: Meltdown was null on AMD simply because they do not allow any call to be run without the appropriate security level, whereas Intel sacrificed security for performance, allowing some calls while authority was checked.

    We shall have to see if PoC is established on AMD processors.

  13. #13
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: Side-channel vulnerability called PortSmash detailed

    This isn't a cross-thread access thing, it's a timing thing; technically Spectre and Meltdown weren't thread access things either, as a malicious program couldn't access the code.

    All of these types of attack depend on speculating. In the case of Spectre and Meltdown, an attempt to run code would be requested, and while privilege levels were being checked the CPU would start running that code despite the privilege level not being known at the time. While that malicious code is attempting to run and its privilege level is being checked, the time it takes to access certain resources is measured. While the malicious code ultimately fails because it fails a privilege check, we can deduce what resources would have been used by looking at the varying times of accessing certain resources.

    At a completely inaccurate hypothetical level: if I ask the CPU to load the alphabet one letter at a time, I can detect if the CPU was already working on the letters HACK because those letters loaded far quicker than the other letters. PortSmash is similar in that it runs code to detect what resources are in use. It's all a bit like how we know black holes are a thing despite not being able to see them.
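
    Corky34's two points above, that the leak is a timing difference from contending for the same execution resource (#10, #13) and that the real defect is code whose behaviour depends on the key, as an added example written for this thread (mine, not the researchers' code and not from the article). It assumes a 64-bit modular exponentiation as the victim and models the side channel as a written-down trace of which operations each key bit caused; in the real attack the spy on the sibling hardware thread infers that same trace from execution-port contention rather than being handed it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned __int128 u128;   /* GCC/Clang extension, x86-64 */

/* (a*b) mod m without 64-bit overflow. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((u128)a * b) % m);
}

/* Stand-in for the side channel (an assumption of this example): the
 * victim records which operations it executed for each exponent bit.
 * The real spy infers the same thing from port contention; here the
 * victim writes it down so the leak is deterministic and testable.
 * Passing NULL disables recording. */
#define NBITS 64
typedef struct { char ops[NBITS][3]; int n; } trace_t;

static void note(trace_t *t, const char *op) {
    if (t) strcpy(t->ops[t->n++], op);
}

/* Leaky left-to-right square-and-multiply: the multiply only runs when
 * the bit is 1, so the instruction stream ("S" vs "SM") is the key. */
static uint64_t modexp_leaky(uint64_t base, uint64_t exp, uint64_t m, trace_t *t) {
    uint64_t r = 1 % m;
    if (t) t->n = 0;
    for (int i = NBITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1) {             /* secret-dependent branch */
            r = mulmod(r, base, m);
            note(t, "SM");
        } else {
            note(t, "S");
        }
    }
    return r;
}

/* Branch-free select: mask all-ones picks a, all-zeros picks b. */
static uint64_t ct_select(uint64_t mask, uint64_t a, uint64_t b) {
    return (a & mask) | (b & ~mask);
}

/* Hardened version: square AND multiply on every bit, then pick the
 * result with a mask.  Same instructions for every key, so the trace
 * is "SM" 64 times whatever the exponent is. */
static uint64_t modexp_ct(uint64_t base, uint64_t exp, uint64_t m, trace_t *t) {
    uint64_t r = 1 % m;
    if (t) t->n = 0;
    for (int i = NBITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t rm = mulmod(r, base, m);          /* always executed */
        uint64_t mask = 0 - ((exp >> i) & 1);      /* bit -> 0 or ~0 */
        r = ct_select(mask, rm, r);
        note(t, "SM");
    }
    return r;
}

/* The spy's reconstruction: "SM" means bit 1, "S" means bit 0. */
static uint64_t recover_exponent(const trace_t *t) {
    uint64_t e = 0;
    for (int i = 0; i < t->n; i++)
        e = (e << 1) | (strcmp(t->ops[i], "SM") == 0);
    return e;
}

/* Demo inputs (constructed, not real key material). */
#define DEMO_M      1000000007ULL
#define DEMO_BASE   123456789ULL
#define DEMO_SECRET 0xDEADBEEFCAFEF00DULL

/* Both implementations must agree on the arithmetic. */
static int demo_results_agree(void) {
    return modexp_leaky(DEMO_BASE, DEMO_SECRET, DEMO_M, NULL)
        == modexp_ct(DEMO_BASE, DEMO_SECRET, DEMO_M, NULL);
}

/* What an attacker reading the trace would conclude the exponent is. */
static uint64_t demo_recovered_exponent(int constant_time) {
    trace_t t;
    if (constant_time) modexp_ct(DEMO_BASE, DEMO_SECRET, DEMO_M, &t);
    else               modexp_leaky(DEMO_BASE, DEMO_SECRET, DEMO_M, &t);
    return recover_exponent(&t);
}

int main(void) {
    printf("results agree: %d\n", demo_results_agree());
    printf("from leaky trace:         0x%016llx\n",
           (unsigned long long)demo_recovered_exponent(0));
    printf("from constant-time trace: 0x%016llx  (carries no key bits)\n",
           (unsigned long long)demo_recovered_exponent(1));
    return 0;
}
```

    Build with `cc -O2 leak.c` on x86-64. Two caveats a reviewer would raise: the mask select is only constant-time if the compiler leaves it alone, so check the generated assembly (objdump -d) rather than the C; and `mulmod` itself is not constant-time, since the 128-bit `%` becomes a library division routine whose timing can depend on its operands, which is why real implementations use Montgomery multiplication. The point the example makes is the one Corky34 made: the hardware only reports which ports were busy, and it is the software's secret-dependent instruction mix that turns that into key bits.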

  14. #14
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by Corky34
    This isn't a cross-thread access thing, it's a timing thing; technically Spectre and Meltdown weren't thread access things either, as a malicious program couldn't access the code.

    All of these types of attack depend on speculating. In the case of Spectre and Meltdown, an attempt to run code would be requested, and while privilege levels were being checked the CPU would start running that code despite the privilege level not being known at the time. While that malicious code is attempting to run and its privilege level is being checked, the time it takes to access certain resources is measured. While the malicious code ultimately fails because it fails a privilege check, we can deduce what resources would have been used by looking at the varying times of accessing certain resources.

    At a completely inaccurate hypothetical level: if I ask the CPU to load the alphabet one letter at a time, I can detect if the CPU was already working on the letters HACK because those letters loaded far quicker than the other letters. PortSmash is similar in that it runs code to detect what resources are in use. It's all a bit like how we know black holes are a thing despite not being able to see them.
    That's pretty impressive.

  15. #15
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    13,010
    Thanks
    781
    Thanked
    1,568 times in 1,325 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 5900X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 2TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 39 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 900Mb/900Mb (CityFibre FttP)

    Re: Side-channel vulnerability called PortSmash detailed

    Quote Originally Posted by CAT-THE-FIFTH
    I wonder if Ryzen is affected??
    I expect it will be.

    The interesting ones would be IBM Power and Sun SPARC chips, as they have more than 2 threads per core, so whilst the information is leaked from one thread, you might need to instrument the other 3 threads on Power or the other 7 threads on a SPARC to recover the data.

    Edit: Changed 15 threads to 7 on SPARC as Niagara was too dumb to port block, but later 8 thread designs were finer grained.
    Last edited by DanceswithUnix; 05-11-2018 at 08:20 PM.

  16. #16
    Be wary of Scan Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    1,079
    Thanks
    40
    Thanked
    137 times in 107 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • 48GB Corsair DDR4 3000 Quad-channel
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 840 EVO; RAID-0 x2 WD Black; RAID-0 x2 Crucial MX500
      • Graphics card(s):
      • MSI GeForce GTX 1070 Ti
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Philips 40" 4K AMVA + 23.8" AOC 144Hz IPS
      • Internet:
      • Zen FTTC

    Re: Side-channel vulnerability called PortSmash detailed

    I expect it becomes less practical as core counts go up. The odds of your process running on a thread that is on the same physical core as another, when you've got a crazy number of cores, become small.

    Of course, it's another tool in the arsenal. And all the more reason not to use cloud or virtual services.
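
    A check for the precondition Tabbykatze (#2) and Dashers (#16) are weighing, namely whether another hardware thread actually shares your core, as an added example written for this page rather than anything from the article or the researchers. It assumes a Linux host and reads the sysfs files /sys/devices/system/cpu/smt/active (present on 4.19 and later kernels), /sys/devices/system/cpu/present and /sys/devices/system/cpu/cpu*/topology/thread_siblings_list; the cpulist parser is separated out so it can be exercised on constructed strings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a Linux "cpulist" string ("0,4", "0-3,8-11\n") into cpu ids.
 * Returns how many ids were written to out (at most max). */
static int parse_cpulist(const char *s, int *out, int max) {
    int n = 0;
    const char *p = s;
    while (n < max) {
        char *end;
        long a = strtol(p, &end, 10);
        if (end == p) break;                 /* no number here: done */
        long b = a;
        p = end;
        if (*p == '-') {                     /* range "a-b" */
            b = strtol(p + 1, &end, 10);
            if (end == p + 1) break;
            p = end;
        }
        for (long c = a; c <= b && n < max; c++) out[n++] = (int)c;
        if (*p != ',') break;                /* newline, NUL, junk: done */
        p++;
    }
    return n;
}

/* Small accessors so the parser can be checked without arrays. */
static int cpulist_count(const char *s) {
    int ids[1024];
    return parse_cpulist(s, ids, 1024);
}
static int cpulist_nth(const char *s, int i) {
    int ids[1024];
    int n = parse_cpulist(s, ids, 1024);
    return (i >= 0 && i < n) ? ids[i] : -1;
}

/* Read a small sysfs file; returns 0 if it cannot be read. */
static int read_text(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t got = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[got] = '\0';
    return got > 0;
}

/* 1 = SMT active, 0 = off or not supported, -1 = unknown (file absent,
 * e.g. pre-4.19 kernel or a non-Linux system). */
static int smt_active(void) {
    char buf[16];
    if (!read_text("/sys/devices/system/cpu/smt/active", buf, sizeof buf))
        return -1;
    return buf[0] == '1';
}

/* Hardware threads sharing a core with logical cpu `cpu` (itself
 * included).  Returns 0 if the cpu is offline or sysfs is missing. */
static int siblings_of(int cpu, int *out, int max) {
    char path[128], buf[512];
    snprintf(path, sizeof path,
             "/sys/devices/system/cpu/cpu%d/topology/thread_siblings_list", cpu);
    if (!read_text(path, buf, sizeof buf)) return 0;
    return parse_cpulist(buf, out, max);
}

int main(void) {
    int s = smt_active();
    printf("SMT: %s\n", s < 0 ? "unknown" : s ? "active" : "off");
    char buf[4096];
    int present[1024], sib[64];
    if (!read_text("/sys/devices/system/cpu/present", buf, sizeof buf)) {
        printf("no sysfs cpu topology available\n");
        return 0;
    }
    int np = parse_cpulist(buf, present, 1024);
    for (int k = 0; k < np; k++) {
        int cpu = present[k];
        int n = siblings_of(cpu, sib, 64);
        if (n > 1 && sib[0] == cpu) {        /* report each core once */
            printf("cpu%d shares a core with", cpu);
            for (int i = 1; i < n; i++) printf(" cpu%d", sib[i]);
            printf("\n");
        }
    }
    return 0;
}
```

    With SMT disabled (kernel parameter `nosmt`, or writing `off` to /sys/devices/system/cpu/smt/control) every sibling list collapses to a single entry and nothing is printed. Inside a VM the numbers are the guest's virtual CPUs, so this only tells you whether the guest scheduler can co-locate two of your own threads; whether another tenant's vCPU is running on the sibling of your host core is something only the hypervisor knows, which is Dashers's cloud point.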
