Hertzbleed Is A New CPU Hack Affecting Just About Everybody

jim bell jdb10987 at yahoo.com
Sat Jun 18 16:35:24 PDT 2022

Jim Bell's note:
In late 1977, I built a single board microprocessor trainer called a Dyna-Micro.

At the time, I noticed that if I turned on the AM radio, running the computer caused varying bleeps and bloops to be received. Probably then and before, owners of primitive PCs like Altair noticed the same thing.
A few years later, I first heard of the idea called TEMPEST, the practice of shielding computers to avoid transmitting information by radio.
Even later, in the early 2000s, I read an (even then, old) book by ex MI-5 person Peter Wright, called Spycatcher, that described how they could remotely determine what radio station a radio was receiving, by detecting its local oscillator's frequency. So-called heterodyne radios work by generating a local oscillator frequency, then nonlinearly mixing that with the signal from the antenna, and then filtering the difference through an IF (intermediate frequency) filter.

From that:
'Wright examines the techniques of intelligence services, exposes their ethics, notably their "eleventh commandment", "Thou shalt not get caught." He described many MI5 electronic technologies (some of which he developed), for instance, allowing clever spying into rooms, and identifying the frequency to which a superhet receiver is tuned.'

-----------
HertzBleed Is A New CPU Hack Affecting Just About Everybody

Unlike more traditional ways to hack information, side-channel attacks rely on these signatures to try to infer what information was being processed. You can think of it kind of like guessing your presents before your actual birthday: a stereotypical “hacker” would think of ever-more sneaky ways to simply open the wrapping paper, but someone using a side-channel attack would be giving it a shake, feeling the edges, and estimating the weight.

Hertzbleed is not by any means the first such attack to be discovered – side-channel attacks have been around for more than two decades at this point – but it has a few extra capabilities that haven’t been seen before. It can be deployed remotely, making it much easier to use than previous side-channel attacks, and it also works on “constant time” mechanisms – that is, code specifically designed to eliminate one of the biggest clues for a would-be hacker, the length of time a process takes to complete.

And the really bad news is, you’re almost certainly affected. Certainly, all Intel processors are susceptible to Hertzbleed, as are dozens of AMD chips. And even if your personal computer, laptop, tablet or phone doesn’t use those affected processors, thousands of servers across the planet do – servers which, as a matter of course, store your data, process your information, and run the services we depend on every day.
