Call (800) 368-7416 | Chagrin Falls, OH

Bad News : Good News

Researchers in Finland have discovered a security vulnerability in Intel’s Hyper Threading technology; otherwise known as Simultaneous Multi-Threading (SMT for short).  The new exploit is dubbed PortSmash.  Papers on exactly what it does to cipher encrypted data will be published soon.  If you have any servers using Intel devices with SMT, SSL 1.1.1 servers have already been patched already. However, according to Bleeping Computer, Fixes for this attack have already been added to OpenSSL 1.1.1.  If you operate on SSL 1.1.0i or older, you can find code for the patch here.

On that note Bleeping Computer has a really great explanation about what has been revealed so far concerning PortSmash and also as to how SMT operates.

 

There is no word on whether or not AMD devices using SMT also fall under the same vulnerability as of yet.  PortSmash is code specific to Intel devices, but may only require a small change of code to exploit the feature in AMD CPU’s and APU’s that feature SMT.

 

https://www.bleepingcomputer.com/news/security/new-portsmash-hyper-threading-cpu-vuln-can-steal-decryption-keys/

 

Leave a Reply