Portsmash multi-threading vulnerability found in Intel Skylake and Kaby Lake processors

Researchers in Finland and Cuba claim that SMT can be exploited to leak data

Researchers claim to have uncovered another side-channel vulnerability in Intel Skylake and Kaby Lake microprocessors.

Called Portsmash, the vulnerability exploits the Simultaneous Multi-threading (SMT) capabilities in Intel's processors, and can leak encrypted data from the CPU or the system's memory if a malicious process is running simultaneously on a CPU core that's executing a legitimate process.

The parallel processing that SMT facilitates means data can be leaked from the legitimate process and, over time, reconstructed so that an attacker can figure out the encrypted data within the legit process.

Researchers Finland's Tampere University of Technology and Cuba's Technical University of Havana claim to have discovered the vulnerability, posting a proof-of-concept of a Portsmash exploit on GitHub.

"We recently discovered a new CPU microarchitecture attack vector," the researchers explained. "The nature of the leakage is due to execution engine sharing on SMT (for example, Hyper-Threading) architectures."

"More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core," they added.

While Portsmash is a side-channel attack, it isn't the same as the Spectre CPU vulnerabilities found in Intel, AMD and ARM chips earlier this year as it doesn't mess with memory subsystems or caching, and doesn't try to exploit speculative execution techniques found in modern chips.

The researchers are expected to post a paper breaking down the vulnerability, but in the meantime they advised users of Intel's Skylake and Kaby Lake processors to disable the chips' Hyperthreading capabilities to mitigate the vulnerability, although it's not clear how easily exploitable it is. No exploit code has yet been seen in the wild.

Intel has released a widely-reported statement about the research and suggested that other chips from other chip makers - ie: AMD - could be affected.

"Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms," said Intel.

"Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices.

"Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified."

IT security failings are, increasingly, costing CISOs, CIOs and CEOs their jobs.

With business utterly dependent on IT, it's not enough for senior executives to dismiss security as ‘techie stuff'. At Computing's Enterprise Security & Risk Management Live event, hear from the National Crime Agency, ex-hackers and big-business CISOs to learn about how they are tackling cyber security.

For more information, check out the dedicated event website. Attendance is FREE to IT leaders and senior IT pros.