KernelTrap is reporting that an SFU grad student has found some sort of hyperthreading vulnerability. Details are slim, but he’s claiming some sort of information leakage between threads on an HT CPU, saying that this could lead to the disclosure of things like RSA private keys.

If I had to guess, I’d say that this is some sort of timing attack. Most likely, the leak occurs when one HT thread runs a predictable chunk of code with secret data while the other HT thread runs some sort of monitoring code, watching for things like cache misses or utilization of the various shared resources. Or maybe, Intel shares the CPU performance counters between the two threads so the attacking thread can simply extract detailed timing information from the other thread’s work, and then use the timing information to reconstruct details on what the attacked thread was doing. There’s a decent body of work on attacking smart cards using similar techniques.

Update: After doing a bit of research, it looks like Intel does share performance counter data between threads, and some of the data shared is really interesting, like branch prediction data. If you’re attacking a known body of code, you may actually be able to extract enough data from this to get a decent peek at the private key.

Update 2: The paper is online. If I’m reading this correctly, the basic attack uses timing measurements against the L1 and L2 caches to see when the RSA thread moves on to a new cache line’s worth of data. The attack doesn’t need access to anything more advanced than the CPU’s cycle-counter clock to be able to recover roughly 310 bits from a 512-bit key.

Personally, I find this to be fascinating from an academic standpoint but not terrifically useful in the real world. I don’t generally want untrusted users to have any access to systems with valuable keys. Historically, it hasn’t taken most attackers very long to turn untrusted shell access into a root exploit. In almost any case, a root exploit is more worrying than the loss of 310 bits from a 512-bit key. If the attacker had root, odds are they could recover the entire key directly.

This is clearly a problem that needs to be fixed by Intel, but I’m not planning on running around disabling Hyperthreading on all of my systems today. It’s just not that dangerous of an exploit for most users.