Recently, a team of researchers have reported a serious vulnerability in Intel processor units which a potential attacker could exploit in order to access and steal encrypted data from the targeted device due to the use of the simultaneous multi-threading feature in Intel CPUs. The codename of the vulnerability is Port-Smash and it has been discovered by cyber security experts at the Technical University of Havana in Cuba and at the Tampere University of Technology, Finland.
The main reason for the existence of the Port-Smash vulnerability is the use of the simultaneous multi-threading (SMT) feature in Intel CPUs. This is a technology which “splits” a given physical core into virtual ones (threads) which makes it possible for each physical core to process two instruction streams simultaneously. However, this allows for one of the processes to have a quite a lot of access to the other process run in the same physical core which is what is the core reason behind the Port-Smash vulnerability.
With the use of this vulnerability, a hacker might be able to use a malicious process to easily access data from a targeted victim process that runs alongside the malicious one within the same core.Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.
The Port-Smash vulnerability could/might mainly be used to acquire private encryption keys and then use them to access data which is protected by encryption on the targeted PC. The researchers at GitHub have have attempted to test this vulnerability’s applicability and, through it, have managed to steal a private OpenSSL decryption key through a malicious process used to target an OpenSSL “victim” thread.
This, however, is only one example of how this vulnerability could be used. Port-Smash has been confirmed to work on Skylake and Kaby Lake Intel processors but researchers suspect that this vulnerability might also be present and work on other CPUs that use SMT architecture such as AMD, for example.
As far as protecting your PC against a potential attack that might use this vulnerability against you to access and/or steal sensitive data from you, the best precaution is to disable your CPU’s SMT/Hyper-threading until a security patch is released by Intel that would take care of the issue. Note, though, that this is only a temporary measure and the actual fix should be installing the new security patch from Intel so make sure to do that once it gets released and after that re-enable the SMT on your processor. For concerned AMD users, there’s currently an ongoing by researchers at AMD in order to determine if the same exploit would work for their processors as well.