☠️ If you own Bitcoin or cryptoshitcoins, use AMD or INTEL then you should read this....Scientists from the University of Texas at Austin, the University of Illinois at Urbana-Champaign and the University of Washington say that attackers can use a vulnerability called "Hertzleed" to gain access to private keys in cryptographic libraries.
The problem has been identified in Intel's 8th to 11th generation desktop and laptop chips based on the Core microarchitecture, as well as AMD Ryzen chips based on the Zen 2 and Zen 3 architectures. The vulnerability was reported by Tom's Hardware Computer Division.
Earlier this year, Intel introduced its own processor for cryptocurrency mining.
Hertzleed attack
Hertzbleed is a new type of side-channel attack based on dynamic frequency management features (hence the name: Hertz (Hertz) and bleed (data suppression)). The study states:
"In the worst case, these attacks allow access to cryptographic keys on remote servers by analysing the computation time in cryptographic libraries. Previously, these libraries were considered hacker-proof.
The Hertzbleed attack analyses the dynamic frequency under various workloads and breaks the encryption by guessing and manipulating the ciphertext.
Dynamic frequency and voltage scaling (DVFS) is a feature that reduces power consumption. However, attackers can understand the difference in power consumption by analysing the server response time to certain requests.
"Hertzbleed is a real and practically possible security threat," the researchers noted.
How to protect yourself
Intel and AMD currently have no plans to deploy Hertzleed firmware patches, but there are steps users can take themselves.
Chip manufacturers advise disabling dynamic frequency control to protect against Hertzbleed. On Intel processors it is called Turbo Boost, and on AMD it is called Turbo Core or Precision Boost. Companies are confident that this will not affect processor performance.
According to senior director of public relations and incident response Jerry Bryant, this attack has no practical application outside the lab, as it would take an hour or even days to steal the keys. He also added that "cryptographic solutions that are immune to side-channel power analysis attacks are not affected by this vulnerability.
https://www.tomshardware.com/news/intel-amd-hertzbleed-cpu-vulnerability-boost-clock-speed-steal-crypto-keys/
https://www.reddit.com/r/bitcoincashSV/comments/vdlsv2/if_you_own_bitcoin_or_cryptoshitcoins_use_amd_or/ Do not take this lightly. All hot wallets of all exchanges (and more) are directly affected.
Never leave your cryptos online, on exchanges. Privilege a cold wallet, or offline wallet, even paper wallet are more efficient.