Hertzbleed

Hertzbleed is a hardware security attack which describes exploiting dynamic frequency scaling to reveal secret data. The attack is a kind of timing attack, bearing similarity to previous power analysis vulnerabilities. Hertzbleed is more dangerous than power analysis, as it can be exploited by a remote attacker. Disclosure of cryptographic keys is the main concern regarding the exploit but other uses of the attack have been demonstrated since its initial discovery.

The exploit has been verified to work against Intel and AMD processors, with Intel's security advisory stating that all Intel processors are affected. Other processors using frequency scaling exist, but the attack has not been tested on them.

Neither Intel nor AMD are planning to release microcode patches, instead advising to harden cryptography libraries against the vulnerability.

Mechanism
Normal timing attacks are mitigated by using constant-time programming, which ensures that each instruction takes equally long, regardless of the input data. Hertzbleed combines a timing attack with a power analysis attack. A power analysis attack measures the power consumption of the CPU to deduce the data being processed. This, however, requires an attacker to be able to measure the power consumption.

Hertzbleed exploits execution time differences caused by dynamic frequency scaling, a CPU feature which changes the processor's frequency to maintain power consumption and temperature constraints. As the processor's frequency depends on the power consumption, which in turn depends on the data, a remote attacker can deduce the data being processed from execution time. Hertzbleed thus effectively bypasses constant-time programming, which does not take into account changes in processor frequency.