Announcing the Hertzbleed Attack
Security lab faculty member David Kohlbrenner and collaborators announced the Hertzbleed Attack today. The team found a way to mount remote timing attacks on constant-time cryptographic code running on modern x86 processors (see Twitter thread). From the website: “Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.” The Hertzbleed paper will appear in the 31st USENIX Security Symposium. Congratulations to the team!