Hertzbleed Is A New CPU Hack Affecting Just About Everybody
Jim Bell's note: In late 1977, I built a single board microprocessor trainer called a Dyna-Micro. https://www.google.com/search?q=%22dyna+micro%22&oq=%22dyna+micro%22&aqs=chrome..69i57j46i175i199i512j0i22i30l5j0i10i22i30.8593j1j16&client=ms-android-motorola-rvo3&sourceid=chrome-mobile&ie=UTF-8#imgrc=TPvWtUel0XoNkM At the time, I noticed that if I turned on the AM radio, running the computer caused varying bleeps and bloops to be received. Probably then and before, owners of primitive PCs like Altair noticed the same thing. A few years later, I first heard of the idea called tempest, the practice of shielding computers to avoid transmitting information by radio. Even later, in the early 2000s, I read a (even then, old) book by ex MI-5 person Peter wright, called Spycatcher, that described how they could remotely determine what radio station a radio was receiving, by detecting its local oscillator's frequency. So-called heterodyne radios work by generating a local oscillator frequency, then nonlinearly mixing that with the signal from the antenna, and then filtering the difference through an IF (intermediate frequency) filter. https://www.google.com/search?q=%22dyna+micro%22&oq=%22dyna+micro%22&aqs=chrome..69i57j46i175i199i512j0i22i30l5j0i10i22i30.8593j1j16&client=ms-android-motorola-rvo3&sourceid=chrome-mobile&ie=UTF-8#imgrc=TPvWtUel0XoNkM
From that: 'Wright examines the techniques of intelligence services, exposes their ethics, notably their "eleventh commandment", "Thou shalt not get caught." He described many MI5 electronic technologies (some of which he developed), for instance, allowing clever spying into rooms, and identifying the frequency to which a superhet receiver is tuned. "
-----------HertzBleed Is A New CPU Hack Affecting Just About Everybody https://share.newsbreak.com/1ay58kwf Unlike more traditional ways to hack information, side-channel attacks rely on these signatures to try to infer what information was being processed. You can think of it kind of like guessing your presents before your actual birthday: a stereotypical “hacker” would think of ever-more sneaky ways to simply open the wrapping paper, but someone using a side-channel attack would be giving it a shake, feeling the edges, and estimating the weight. Hertzbleed is not by any means the first such attack to be discovered – side-channel attacks have been around for more than two decades at this point – it has a few extra capabilities that haven’t been seen before. It can be deployed remotely, making it much easier to use than previous side-channel attacks, and it also works on “constant time” mechanisms – that is, code specifically designed to eliminate one of the biggest clues for a would-be hacker, the length of time a process takes to complete. And the really bad news is, you’re almost certainly affected. Certainly, all Intel processors are susceptible to Hertzbleed, as are dozens of AMD chips. And even if your personal computer, laptop, tablet or phone doesn’t use those affected processors, thousands of servers across the planet do – servers which, as a matter of course, store your data, process your information, and run the services we depend on every day.
HertzBleed has been shared repeatedly now. As Jim Bell touches on, the approach may indicate a lot more vulnerabilities, not necessarily cryptographic ones, present in a lot of systems. New vulnerabilities. Of course, a trained model could have already discovered HertzBleed, since it would simply be looking for patterns in any data it was exposed to or generating. On 6/18/22, jim bell <jdb10987@yahoo.com> wrote:
At the time, I noticed that if I turned on the AM radio, running the computer caused varying bleeps and bloops to be received. Probably then and before, owners of primitive PCs like Altair noticed the same thing. A few years later, I first heard of the idea called tempest, the practice of shielding computers to avoid transmitting information by radio. Even later, in the early 2000s, I read a (even then, old) book by ex MI-5 person Peter wright, called Spycatcher, that described how they could remotely determine what radio station a radio was receiving, by detecting its local oscillator's frequency. So-called heterodyne radios work by
Heterodyne radios are the norm, to clarify. People are taught in school a common misconception that surrounding something in a cage or box of metal will electromagnetically isolate it. This misconception relies on various DC static physics, and is incorrectly overinferred to apply to AC (i.e. all) electromagnetic radiation or changing fields. Given the context of security, and the age of the study, this common implicit share of existing shielding being sufficiently effective for security seems to bear similarity to the suppression of security and cryptographic information in general, cited by others to be a common suppression exerted by groups like the NSA.
participants (2)
-
jim bell
-
Undiscussed Horrific Abuse, One Victim of Many