New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

PortSmash

PortSmash is a vulnerability (CVE-2018-5407) that affects Intel processors. PortSmash has been classified as a side-channel attack and it could allow attackers to leak encrypted data from the CPU’s internal processes.  The vulnerability impacts any CPU that uses a SMT (Simultaneous Multithreading) architecture, which allows multiple computing threads to be executed simultaneously on a CPU core. PortSmash works by running a malicious process next to legitimate ones using simultaneous multithreading parallel thread-running capabilities. It will then leak small amounts of data from the real process, which helps the attacker reconstruct encrypted data that is processed in the legitimate process. According to researchers, “The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side-channel to exfiltrate information from processes running in parallel on the same physical core.” The Intel security team was notified of the vulnerability on October 1st, however the company did not provide a patch until yesterday, November 1st. A PoC for the vulnerability has been made available on GitHub.

Analyst Notes

If a device being used is affected by CVE-2018-5407, the user should patch the device immediately. If the user does not patch immediately, they will be at a higher risk for an attack on their device. Always being aware of the current trends of vulnerabilities and attacks that are coming out can also help a user know if they have a device that is being affected by a vulnerability. By staying up to date and knowing if they are vulnerable, it can allow the user to know when they need to search for patches and updates as well as be aware that they could be susceptible to attacks.