CPU Hyper-threading Reverse Engineered to Spy on Processes

John Lister

One of the most useful features in computer hardware has a security flaw. It's to do with the way processors handle information.

All computing tasks are reduced down to a set of calculations. The central processing unit (CPU) is the "brain" of the computer that physically carries out these calculations. Each modern-day CPU has one or more cores, which is essentially multiple "brains" on a single CPU chip. A multi-core CPU means that multiple calculations can be done at once, which reduces the time to carry out a task.

Many processors also use a technique called simultaneous multithreading (also known as hyper-threading), which is somewhat similar to a multi-core system, but not quite the same. The technique is a little like breaking a task down into a to-do list of individual steps, known as a thread, and then having a single CPU core rapidly switch back and forth between the next item on each of several threads.

This means the processor core works much more efficiently because it's not sitting idle, waiting for a single thread to complete from start to finish. Instead, it's switching back and forth between multiple threads. The effect is closer to what would happen if each core could literally do two things at once.


Data Flow Reveals Contents

Security researchers have now uncovered an unwanted side effect of the multi-threaded approach. They say it's possible for a program running on one thread to measure precisely how fast another thread sharing the same core is being processed, and then work backwards from those measurements to figure out the actual data that thread is handling.

Researcher Billy Bob Brumley said it's possible to do this using a process of elimination. He likened it to two people pouring jelly beans through the same funnel: if one person measures how fast their beans are passing through, they can figure out how fast the other person's beans are passing through, since the two flows affect one another. (Source: bleepingcomputer.com)

Security Key Uncovered

To test and demonstrate the implications, the researchers set up two threads sharing the same core. One was the test software and the other was OpenSSL, a widely used tool for checking security credentials and encrypting or decrypting data. The test software was able to see precisely how long it took OpenSSL to carry out an operation involving a private key used to encrypt data. Based on this, the test software was able to figure out the key.
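The reason a private-key operation can be read off from a neighbouring thread is that the amount of work the operation does depends on the bits of the key. The following example is added here and is not code from the article or from OpenSSL: it shows a toy modular exponentiation (the core of an RSA-style private-key operation) written first with a branch on each key bit, and then in the constant-time shape that does the same work regardless of the key. A counter of multiplications stands in for the timing a sibling thread would observe; the key values and modulus are constructed for illustration.

```c
/* Added example (not from the article or from OpenSSL): why a private-key
 * operation can leak through timing, and how constant-time code closes it.
 *
 * Both functions compute base^exp mod m with 64-bit arithmetic (a toy size,
 * chosen for readability). The first branches on each key bit, so the amount
 * of work, and therefore the execution time and the execution-unit pressure
 * seen by a sibling hyper-thread, depends on the secret. The second performs
 * the same operations for every bit and selects the result without a branch. */
#include <stdint.h>
#include <stdio.h>

/* Number of multiplications performed, so the two variants can be compared. */
static uint64_t mul_count;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    mul_count++;
    return (uint64_t)((unsigned __int128)a * b % m);
}

/* Leaky: multiplies only when the current exponent bit is 1. */
uint64_t modexp_leaky(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        result = mulmod(result, result, m);
        if ((exp >> i) & 1)              /* secret-dependent branch */
            result = mulmod(result, base, m);
    }
    return result;
}

/* Constant-time: always multiplies, then keeps the right value with a mask
 * ("square-and-multiply-always" with a branchless select). */
uint64_t modexp_ct(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        result = mulmod(result, result, m);
        uint64_t with = mulmod(result, base, m);
        uint64_t bit = (exp >> i) & 1;
        uint64_t mask = (uint64_t)0 - bit;        /* all ones if bit == 1 */
        result = (with & mask) | (result & ~mask);
    }
    return result;
}

/* Runs f on the given exponent and returns how many multiplications it did. */
uint64_t count_muls(uint64_t (*f)(uint64_t, uint64_t, uint64_t),
                    uint64_t base, uint64_t exp, uint64_t m) {
    mul_count = 0;
    f(base, exp, m);
    return mul_count;
}

int main(void) {
    uint64_t m = 1000000007ULL;                    /* constructed toy modulus */
    uint64_t keys[] = {1ULL, 0xFFFFFFFFFFFFFFFFULL, 0x8000000000000001ULL};
    for (int k = 0; k < 3; k++) {
        printf("key %016llx: leaky=%llu muls, ct=%llu muls\n",
               (unsigned long long)keys[k],
               (unsigned long long)count_muls(modexp_leaky, 7, keys[k], m),
               (unsigned long long)count_muls(modexp_ct, 7, keys[k], m));
    }
    return 0;
}
```

The leaky variant does between 65 and 128 multiplications depending on how many key bits are set, so its timing is a function of the key; the constant-time variant always does 128. In a real library this is only the first step: the multiplication itself must also take the same time for every input, and the compiled output has to be checked, since an optimizer is free to turn the mask select back into a branch.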

The good news is that this is less of a security threat in itself and more of a way for other exploits to become more serious. To take advantage of the loophole, a hacker would already need to have found a way to run software on the victim's machine, and then make sure it was running on the same core as the targeted data. For the average home user, it's more of a reminder of the need to practise good security habits than a direct threat in itself. (Source: Sophos.com)
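Because the attack only works from a thread sharing the victim's core, the practical defences are to turn hyper-threading off where the speed loss is acceptable, or to know which logical CPUs are siblings so that a sensitive process can be kept alone on its core. The following program is an added example, not from the article or any vendor, that reads the standard Linux sysfs topology files to report both. The sysfs paths and the `smt/control` values are real Linux interfaces; the CPU lists checked in the test are constructed samples.

```c
/* Added example (not from the article): on Linux, report whether SMT is
 * enabled and which logical CPUs are hyper-thread siblings. This is the
 * information a defender needs before deciding to disable SMT (by writing
 * "off" to /sys/devices/system/cpu/smt/control) or to pin a sensitive
 * process to a core with no active sibling. The sysfs paths are real Linux
 * interfaces; nothing here requires root to read. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parses a Linux cpulist such as "0,4" or "2-3,6-7" into cpus[], returning the
 * number of CPUs found, or -1 on malformed input or overflow of cpus[]. */
int parse_cpulist(const char *list, int *cpus, int max) {
    int n = 0;
    const char *p = list;
    while (*p) {
        char *end;
        long lo = strtol(p, &end, 10);
        if (end == p || lo < 0) return -1;
        long hi = lo;
        if (*end == '-') {                 /* a range like "2-3" */
            const char *q = end + 1;
            hi = strtol(q, &end, 10);
            if (end == q || hi < lo) return -1;
        }
        for (long c = lo; c <= hi; c++) {
            if (n >= max) return -1;
            cpus[n++] = (int)c;
        }
        p = end;
        if (*p == ',') p++;
        else if (*p == '\n' || *p == '\0') break;
        else return -1;
    }
    return n;
}

/* Convenience wrapper: how many CPUs a cpulist names, or -1 if malformed. */
int cpulist_count(const char *list) {
    int cpus[256];
    return parse_cpulist(list, cpus, 256);
}

/* Returns 1 if the cpulist names more than one CPU (the CPU shares its core
 * with a sibling thread), 0 if it is alone on the core, -1 on parse error. */
int has_sibling(const char *list) {
    int n = cpulist_count(list);
    if (n < 0) return -1;
    return n > 1;
}

/* Reads the first line of a sysfs file into buf without the trailing newline;
 * returns 0 on success, -1 if the file is missing or unreadable. */
static int read_line(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    if (!ok) return -1;
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void) {
    char buf[256];
    /* Documented values: on, off, forceoff, notsupported, notimplemented. */
    if (read_line("/sys/devices/system/cpu/smt/control", buf, sizeof buf) == 0)
        printf("SMT control: %s\n", buf);
    else
        printf("SMT control: (file not available on this kernel)\n");

    /* Walk cpu0, cpu1, ... until a directory is missing. */
    for (int cpu = 0; cpu < 4096; cpu++) {
        char path[128];
        snprintf(path, sizeof path,
                 "/sys/devices/system/cpu/cpu%d/topology/thread_siblings_list", cpu);
        if (read_line(path, buf, sizeof buf) != 0) break;
        int s = has_sibling(buf);
        printf("cpu%d siblings: %-12s %s\n", cpu, buf,
               s == 1 ? "shares a core" : s == 0 ? "alone on its core" : "unparsed");
    }
    return 0;
}
```

With SMT on, each CPU's list names two (or more) logical CPUs; after writing "off" to `smt/control`, every list shrinks to a single entry, which is the quickest way to confirm the change took effect.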

What's Your Opinion?

Would you be prepared to give up some speed on your computer to boost security? Are you surprised at how creative both researchers and hackers are at finding ways to exploit loopholes? Does publicizing loopholes such as this risk tipping off would-be cyber criminals of new techniques?
