According to report, Cyber security researcher’s team from Technical University of Havana in Cuba and Tampere University of Technology in Finland has found PortSmash Vulnerability in Intel Processor. According to them, potentially attacker or Cyber criminals could exploit in order to steal personal or encrypted data from targeted machine due this major flaw. However, attacker can make targeted computer useless due to the use of simultaneous multi-threading features in Intel CPUs. Let’s take have a look at story in detail.
Existence of Port-Smash vulnerability is due to use of Simultaneous Multi-threading
According to researchers, use of Simultaneous multi-threading Technology (SMT) feature in Intel CPUs is the major reason of the existence of Port-Smash vulnerability. When we talk about this technology, it spits a given physical cores into virtual cores or threads that makes the possibility of each physical codes to process two instructions steams simultaneously.
However, it starts its multi-threading capability in such a way that runs lots of processes in same physical core which is the main reason behind Port-Smash vulnerability in Intel Processor. On other hand when we talk about what attacker can do with the use of this flaw, Cyber hacker might be capable to use malicious processes to access crucial or personal data of targeted machine that executes malicious codes within same core.
PortSmash Target the System protected by encryption and acquires private encryption keys
Further report about this flaw, Port-Smash vulnerability can be used by attacker for malicious activities. They can exploit this flaw to acquire private encryption keys and then use them to control or access personal data of targeted PCs which is protected by encryption or password. On other hand, GitHub researcher’s team have tested the capability of this vulnerability and via this test, they have tried to managed to gather private OpenSSL decryption keys via malicious process use to target an OpenSSL users.
Moreover, security researchers’ team has also confirmed the availability of Port-Smash vulnerability on Skylake and Kaby Lake Intel Processors. They are still in doubt that this flaw might also be present and work on other CPUs that SMT (Simultaneous Multi-threading Technology) like AMD and others.
Protection: What should to do in case of existence of Port-Smash vulnerability?
It is good to see that Intel Company cares about this major flaw which has reported by security researchers. At the moment, the company has not yet release security patch to fix this issue. Due to lack of security patch for Port-Smash vulnerability, Cyber Criminals can take advantages of this situation and start their misleading activities in targeted machine.
You should be careful against potential attack that might use this flaw against your machine to access your personal data. We recommended you to disable your CPU’s SMT/Hyper-threading until a security patch is released by Intel Company. We hope that the security patch for Port-Smash vulnerability will release soon. For any suggestions or queries, please write on comment box give below.