Hertzbleed is a hardware security attack that exploits dynamic frequency scaling to reveal secret data. It is a kind of timing attack and bears similarity to previous power analysis vulnerabilities. Hertzbleed is more dangerous than power analysis because it can be exploited by a remote attacker. Disclosure of cryptographic keys is the main concern, but other uses of the attack have been demonstrated since its initial discovery.[1][2][3][4][5][6]
The exploit has been verified to work against Intel and AMD processors, with Intel's security advisory stating that all Intel processors are affected.[7] Other processors using frequency scaling exist, but the attack has not been tested on them.
Neither Intel nor AMD is planning to release microcode patches; both instead advise hardening cryptography libraries against the vulnerability.
Liu, Chen; Chakraborty, Abhishek; Chawla, Nikhil; Roggel, Neer (7 November 2022). "Frequency Throttling Side-Channel Attack". Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS '22. New York, NY, USA: Association for Computing Machinery. pp. 1977–1991. arXiv:2206.07012. doi:10.1145/3548606.3560682. ISBN 978-1-4503-9450-5.
Wang, Yingchen; Paccagnella, Riccardo; Wandke, Alan; Gang, Zhao; Garrett-Grossman, Grant; Fletcher, Christopher W.; Kohlbrenner, David; Shacham, Hovav (2023). "DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data". 2023 IEEE Symposium on Security and Privacy (SP). pp. 2306–2320. doi:10.1109/SP46215.2023.10179326. ISBN 978-1-6654-9336-9. S2CID 259257477.