A new way to attack computers has been under discussion for a few days in the crypto community after indications emerged that a new type of cyber offensive called ‘Hertzbleed’ could allow a hacker to discover the private keys of a bitcoin wallet, for example, on processors. from Intel and AMD. Hertzbleed was released by a team of researchers from the Universities of Texas, Illinois and Washington. However, the discovery was made several months ago and was under embargo at the request of Intel. Last Tuesday (21), an employee of Intel’s security center published a note on the matter, confirming that the company was aware of the vulnerability, but toned down rumors that this would be an easily executed action. In turn, Intel reported that all of its processors are affected, including desktop and laptop models of the Core microarchitecture from the 8th to the 11th generation. The company has included Hertzbleed in its alert system, announcing microcode updates that respond to the vulnerabilities. “Intel recommends that developers of cryptographic libraries and applications refer to the methods suggested in this article to evaluate and protect their code against frequency throttling side channel, also known as ‘Hertzbleed,’” the company wrote. As explained by the portal Criptonoticias in a publication on Thursday (23), the name Hertzbleed refers to the expression ‘bleed frequency’ – ‘hertz’, the unit of measurement of frequency, and ‘bleed’, from ‘bleed’ in English. In this regard, Hertzbleed collects information about the performance of microprocessors and CPUs, using the time and intensity of cycles to perform secret cryptographic processes. “Similar to those performed when bitcoin transactions are created with a private key and a public key from a wallet,” the report explains, citing a technical analysis by Optech, which concluded: “The remarkable aspect of this attack is that it can affect signature generation code that was specifically written to always use the same type and number of CPU operations to avoid leaking information to attackers.”
Regarding the Intel embargo, the research group explained: “We released our findings, along with proof-of-concept code, to Intel, Cloudflare and Microsoft in Q3 2021 and to AMD in Q1 2022. Intel originally requested that our findings be held under an embargo until May 10, 2022. Intel later requested a significant extension of this embargo, and we coordinated with them the public disclosure of our findings on June 14, 2022.”
Is Bitcoin Resistant to an Attack Like This?
Some Bitcoin developers and crypto experts have clarified that while it is difficult to carry out this attack against a wallet, it is still too new a type of vulnerability to draw conclusions from, according to Cryptonotícias. Developer Pieter Wuille was one of those who commented the subject. According to him, although Bitcoin Core is able to perform key generation processes in a shielded way, not all of them have the same level of protection every time they are carried out. To the average user, the group of researchers said that there is nothing to do at the moment; to the cryptography engineers they indicated reading on the topic and, if the specialist is running a SIKE decapsulation server (data opening process), he must “make sure to implement the informed mitigation”.