Monday, December 5, 2022





What is the new HertzBleed Vulnerability?

HertzBleed is a new vulnerability that was discovered in April 2019. It affects any system that uses the OpenSSL encryption software. The vulnerability allows attackers to steal information that is normally encrypted by OpenSSL. HertzBleed is particularly dangerous because it does not require any special skills or knowledge to exploit. The HertzBleed attack is similar to the Heartbleed attack that was discovered in 2014.

This is a serious issue because HTTPS is supposed to be secure and encrypted. This means that any sensitive information that is sent over HTTPS, such as passwords or credit card numbers, could be decrypted by attackers. However, the new attack is much more efficient and can be used to decrypt a large amount of HTTPS traffic in a short period.

This attack is particularly worrisome because it can be used to decrypt traffic from major websites such as Google, Facebook, and Amazon. These companies have already patched the vulnerability, but it is still possible for other websites to be affected.

If you are concerned about this vulnerability, you should make sure that your web browser is up to date and that you are only accessing websites that use HTTPS encryption. You should also avoid sending any sensitive information over HTTPS until this issue has been fully resolved.

Operations of The New HertzBleed Vulnerability

The HertzBleed vulnerability is a serious flaw that was discovered in the way certain computer systems handle data. The HertzBleed attack is similar to the Heartbleed attack that was discovered in 2014. However, the HertzBleed attack is more sophisticated and can be used to target a wider range of systems. The best way to protect against the HertzBleed attack is to patch your systems and keep them up-to-date.

Researchers from three US universities published a paper in June that describes how an attack can be carried out to steal information. The attack takes advantage of the fact that CPUs have specialized hardware for handling different computational loads – when the load on the CPU changes, its frequency also changes, and this can lead to data leakage.

Hertzbleed can operate on remote computers without direct access, as long as they’re equipped with a certain chip. This study is quite complex, but you can get a basic understanding with our explanation. We will provide another more in-depth but easy-to-follow article on the study. Hertzbleed, which encourages hackers to try and penetrate cyber security systems, leaves a trademark behind: its website. The site’s logo represents the vulnerability through static colors and a close-up of the head-on CPU – the Hertz symbol- leaking out.

A more detailed explanation of HertzBleed

One of the most common methods for side-channel attacks is to observe changes in electric current consumption. Essentially, if a chip is encrypting data using a secret key and you notice that power consumption has increased, this may lead you to find out what the key is.

This can usually be done via a built-in monitor that many computers have. Furthermore, Spectre uses one of your CPU’s side channels – its speculative execution features – to steal sensitive information.

When programming encryption algorithms, it is important to code in a constant time to ensure that once decryption has already been completed, the encryption function will not take any more time to operate. This restricts hackers from trying to crack the code and find the key by gaining information through input data. The authors were able to take advantage of this vulnerability by feeding a sequence of characters into a program running on a system with data encryption software.

Issues of Security with HertzBleed

We can’t definitively say whether the vulnerability is in the CPU or the program because of these results. Even with controlled conditions, the researchers took 36 hours to recover the encryption key. This is all very theoretical and may not happen in reality. It is unclear whether the vulnerabilities are in the processor, or if they are simply not interested in releasing updates. The removal of the SiKE algorithm seemed to get rid of the demonstrated attack. Nonetheless, this study is significant. For Spectre-class vulnerabilities, no breakthrough has been achieved in the past four years.

A group of security researchers discovered the HertzBleed vulnerability

To conserve battery power, modern CPUs adjust their frequency according to the level of CPU load to balance between low performance and high performance. For example, when the computer is doing a few activities, the CPU’s frequency can be reduced from its normal level (3.2GHz) to 900Mhz. If the CPU is being burdened by many tasks, then it can be boosted up above its baseline level to maintain high performance for those tasks. Factors such as overheating also dictate changes in CPU frequency.

Researchers were able to steal information (secret encryption keys) by measuring a computer’s response time and then reconstructing the key. Faster response times make it more difficult for the attack to be detected, which allowed for its success.

Hertzbleed introduces a theoretical attack on computers. With a remote attack, someone could steal data by sending requests over the network. The understanding is that such vulnerabilities will be simplified in the future to make such attacks more effective.

What is the impact of Hertzbleed Vulnerability?

The Hertzbleed Vulnerability is a serious security flaw that was discovered in April of 2014. The flaw gets its name from the fact that it affects the “heartbeat” extension of OpenSSL, which is used to keep alive the SSL/TLS connection between two systems. Attackers can exploit this flaw to remotely read up to 64kb of memory from the victim system.