Notebookcheck

New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs

SMT allows for multi-threaded parallel processing, but has an apparent security flaw. (Source: Wikipedia)
SMT allows for multi-threaded parallel processing, but has an apparent security flaw. (Source: Wikipedia)
A new CVE may enable yet another side-channel exploit in Intel processors. This vulnerability, known as CVE-2018-5407 (or "PortSmash"), targets Hyper-Threading (or simultaneous multi-threading (SMT)). It is confirmed as effective in Skylake and Kaby Lake chips, and could affect others.
by Deirdre O Donnell, 2018/11/02
Kaby Lake Security Software Windows Workstation Laptop Desktop

A team of researchers from the Tampere University of Technology in Finland and the University of Technology in Habana have reported the discovery of a new CVE which (again) affects Intel CPUs. This exploit has been classified as CVE-2018-5407, and is also known as PortSmash. It is another new side-channel exploit that leverages Intel Hyper-Threading (or simultaneous multi-threading (SMT)) to potentially steal data.

The Tampere/Habana team assert that the exploit can enable a hacker to run their process in a thread alongside a target process and steal from it, so long as they get the parallel-processing timing right. Accordingly, they have demonstrated the ability to steal a private SSL key from a TLS server using PortSmash.

The CVE has been confirmed as operable in Skylake or Kaby Lake CPUs, and could also affect other processors with SMT or Hyper-Threading. The work on PortSmash is to be found on GitHub and OpenWall, and will also be published in an upcoming article. Its authors suggest ensuring that OpenSSL is updated to a version later than 1.1.0i as a preventative measure against PortSmash. Intel has been informed of this issue, but is yet to respond (correct at time of writing). 

Source(s)

Top 10 Laptops
Multimedia, Budget Multimedia, Gaming, Budget Gaming, Lightweight Gaming, Business, Budget Office, Workstation, Subnotebooks, Ultrabooks, Chromebooks

under 300 USD/Euros, under 500 USD/Euros, 1.000 USD/Euros

Best Displays, for University Students

Top 10 Smartphones
Smartphones, Phablets, ≤5-inchCamera SmartphonesNotebookcheck's Top 10 Smartphones under 160 Euros

Related Articles

Google Camera could have been used for some extremely shady hacking activities. (Source: XDA)
The cameras on "hundreds of millions" of Android phones could have been hijacked 11/19/2019
PC-Doctor Tool For Windows is also believed to be vulnerable to cyber attacks. (Image source: Lifewire)
Cybersecurity company finds worrying vulnerability affecting millions of Dell laptops and desktops 06/22/2019
The new Cascade Lake-X high-end desktop processors could be launched at Computex. (Image source: TweakTown)
Intel Cascade Lake-X HEDT processor appears on SiSoftware's Sandra benchmark database 04/26/2019
The Intel Core i9-9990XE is now available for users to buy. (Source: TrustedReviews)
Skylake-X Intel Core i9-9990XE CPU now available for €2,999 or snap up an i9-9990XE-based desktop PC for €12,999.90 04/12/2019
SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)
The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre 12/04/2018
MIT's DAWG could easily be integrated in OS updates, and it is said to be less taxing on the overall system performance. (Source: Bit-Tech)
MIT provides alternative solution for Spectre-like CPU bugs 10/19/2018
Windows 10 19H1 is currently available as an insider's preview. (Source: Windows Latest)
2019 Windows update may address Spectre patch-related performance issues 10/19/2018
Two prominent VPN providers have needed to push updates for vulnerabilities in their systems. (Source: danielmiessler.com)
NordVPN and ProtonVPN obliged to push updates to patch new CVEs 09/11/2018
Intel will eventually bake security fixes into its next-generation of silicon. (Source: Intel)
Intel plans to offload CPU malware scanning to iGPUs in new Spectre / Meltdown fix 04/17/2018
Intel seems optimistic about any financial losses that could occur with all the litigations queuing up. (Source: Tech Viral)
Meltdown / Spectre CPU vulnerabilities brought Intel 32 lawsuits in 1.5 months 02/19/2018
The new variants might cause some problems for Intel's and AMD's already announced hardware fixes. (Source: Heise.de)
Two new Meltdown and Spectre variants discovered 02/16/2018
The Chinese knew of Meltdown and Spectre much before the US Government according to The WSJ. (Source: Reddit)
Intel alerted select corporations about Meltdown/Spectre, China speculated to have known about it before the US 01/30/2018
static version load dynamic
Loading Comments
Comment on this article
Alienware m15 with i5 and GTX 1060 ...
Apple to cease sharing sales figure...
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 11 > New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs
Deirdre O Donnell, 2018-11- 2 (Update: 2018-11- 2)
Deirdre O'Donnell
I became a professional writer and editor shortly after graduation. My degrees are in biomedical sciences; however, they led to some experience in the biotech area, which convinced me of its potential to revolutionize our health, environment and lives in general. This developed into an all-consuming interest in more aspects of tech over time: I can never write enough on the latest electronics, gadgets and innovations. My other interests include imaging, astronomy, and streaming all the things. Oh, and coffee.