On November 2nd, researchers from Tampere University of Technology in Finland and Technical University of Havana, Cuba published details and a proof of concept exploit they called “PortSmash.”
They demonstrate the creation of a side channel by taking advantage of resource contention from simultaneous multithreading (SMT), including our implementation, called Intel® Hyper Threading (Intel® HT). In SMT, different threads share some resources, including ports within the execution engine. A malicious actor can run code on one thread that will reveal timing measurements from the other thread. The differences observed in those measurements can reveal data over time.
Their proof of concept demonstrated that this side channel method could be used to disclose private keys from the OpenSSL cryptographic library—which has since been patched to address this issue.
After careful assessment, Intel determined that this method was similar to previously disclosed execution timing side channels and not a variation of speculative execution side channels such as Spectre, Meltdown, and L1TF. Existing programming best practices, such as employing constant execution timing and/or avoiding control flows that vary depending on secret data, can mitigate against PortSmash.
Intel does not recommend turning off Intel® HT as a mitigation technique because other programming methods are effective and higher performing.