There has been an ever-increasing need for CPUs, both commercial and consumer, to perform faster. In order to do so, certain aspects have been built into processors. While increasing performance, multithreading and speculative execution have left CPUs and networks around the world at risk. Unlike the speculative execution risk of Spectre and Meltdown, a multi-threading security threat leave a company’s network data at risk.
So what is multithreading and hyperthreading? And what is the multi-threading security threat?
Give us a moment while we explain exactly how your single core processor works so quickly. Then we will talk about PortSmash, the newest threat due to processor weaknesses.
Multi-threading/Hyper-threading
As discussed during the Spectre/Meltdown catastrophe, certain aspects are built into processors in order to create a faster system. In the case of Spectre and Meltdown, speculative execution is the backdoor allowing hackers access.
Speculative execution is when the processor assumes next steps and prepares the computer to operate on that process.
Unlike speculative execution, multi-threading does not assume next logical steps leaving information available on the hard drive and unsecure. A thread is the smallest sequence of instructions that can be managed independently. Unlike common misconception, multi-threading on a single core processor does not mean the computer is running both programs simultaneously.
Rather, the CPU switches between the threads quickly, causing the impression that both software applications are running at the same time. Think of your computer openings Word at the same time as Office. The two applications are not opening at the same time. Instead, the processor is splitting resources between the two programs, jumping between two sequences of instructions.
Manufacturers build processors with this capacity to speed up performance. Instead of running each thread subsequently for a single program, the processor jumps between programs. For example, instead of waiting for Word to boot up entirely before another application can open, the user experiences Word and Office opening at the same time.
So, what is hyper-threading? Hyper-threading is Intel’s patented simultaneous multi-thread (SMT) process.
Multi-threading security threat
The question becomes does a CPU jumping between threads cause a potential open door for hackers to access data? According to five researchers from universities in Finland and Cuba, yes. PortSmash, a side-channel attack, exploits CPUs that use an SMT system.
In simple terms, the secondary thread measures time and resources used to complete the sequence of instructions. The individual using PortSmash can work backwards, discovering the data input. What does all this mean?
In the proof-of-concept (POC) published, the researchers steal an OpenSSL a private key from a server by using PortSmash.
While the side-channel access requires the hacker to use the same physical core as the victim, this is not a major stumbling block. But what it can do is allow hackers to access network servers via remote access workers. After all, the multi-threading security threat does not need root privileges, rather it only uses user space.
What needs to be done?
Luckily, OpenSSL has already sent out a patch, covering about 60% of the weakness. Unfortunately, Intel has a different sense of things.
According to Intel, the issue is not with how they build processors or the use of hyper-threading. Rather, Intel states the risk can be mitigated by “employing side channel safe development practices.” What does that mean? From what we can gather, it means OpenSSL and computer settings will need to mitigate the risk, as Intel will not change anything.
To be fair removing SMT, or hyper-threading in Intel processors, is a costly and risky proposition. Namely, single threading would slow down performance significantly. Plus, Intel has a lot invested in their patented hyper-threading core processors. It’s unlikely consumers or Intel desire a change.
However, one of the researchers Billy Brumley stated one purpose for releasing the exploit is to stop the SMT trend in chips. Their belief is multi-threading and security are mutually exclusive within a CPU, and the existence of SMT will always leave a side-channel open for attack.
Is it possible for PortSmash or another side-channel attack to risk all data available? While not seen as much of a risk as Meltdown or Spectre, the researchers believe it’s possible for PortSmash or other such attacks to do a lot of damage. Ultimately, ever company and consumer will need to decide on the multi-threading security threat, either choosing processing speed or security.