We all know the risks of online hacking, be it via apps, social media, dodgy downloads, or otherwise. But did you know that your computer hardware is also vulnerable to hacking?
That’s right. Hardware components, including your CPU, can be targeted by malicious hackers. But how can a CPU be hacked, and is there anything you can do to avoid this kind of attack?
How Are CPUs Hacked?
The first thing to note here is that CPU hacks are not incredibly common. However, they are possible and have been researched and discovered multiple times in the past.
The Meltdown and Spectre Vulnerabilities
CPU hacks are often conducted via vulnerabilities. A notable example of this is the Meltdown vulnerability. Discovered in January 2018 by Google’s Project Zero, Meltdown poses a risk to a range of CPUs and to millions of people.
Another vulnerability, known as Spectre, also caused a stir at the same time as Meltdown. These two classes of vulnerabilities are known as the two first transient execution CPU vulnerabilities. Together, they endanger processors from Apple, Intel, AMD, and ARM. Neither of these are single vulnerabilities. Each one represents a group of individual flaws within the hardware design of CPUs.
The biggest risk posed by Meltdown and Spectre was data theft from computers. While Spectre allows arbitrary locations to be viewed in the allocated memory of a CPU, Meltdown allows all memory to be read. Spectre can target computer applications, while Meltdown can target applications and operating systems.
Another concerning thing about Meltdown and Spectre is that, because they target CPUs, a highly common piece of hardware, they also have the potential to exploit many other devices, like routers and smart tech.
These vulnerabilities are hardware-based, meaning they can’t be quickly patched in the way that software vulnerabilities can. With no immediate fix, the result of Meltdown and Spectre’s discovery was a large-scale revamp of the design of future CPUs. However, some software developments have also helped in mitigating attacks.
But things don’t stop there. In mid-2022, more alarming news surfaced when researchers discovered that CPUs could be hacked via frequency boosts.
The 2022 Hertzbleed Attack
In the 2022 study conducted by multiple researchers, it was found that a form of side-channel attack could be conducted on CPUs when they carry out a function. When a processor performs an action, a frequency variation occurs in the CPU clock. Other factors, like overclocking and overheating, can also cause frequency changes.
This is technically known as dynamic frequency changing. The frequency changes that occur in this process can be studied by cybercriminals in order to determine what kind of data is being moved from component A to B in order to carry out the function.
This group of attacks comes under the name “Hertzbleed”, and can be used on all Intel processors, as well as a wide range of AMD processors. Needless to say, a lot of people around the world are at risk of falling victim to these attacks.
It’s important to note that the Hertzbleed attacks are currently theoretical. Cybersecurity researchers have yet to see this kind of exploit performed by malicious actors, though this may change in the near future.
Avoiding CPU Hacks
Protecting your CPU isn’t the same as protecting your apps or operating system. Hardware-based attacks can be more difficult to protect against, simply because hardware can’t be patched.
However, regularly updating your operating system can help further protect your CPU from attacks. If your CPU manufacturer releases a patch for a vulnerability, it’s wise to update your software so that you can stay protected.
Firmware updates may also help fend off vulnerability-based and side-channel attacks. Make sure you don’t neglect updates, especially on a long-term basis.
CPU Hacks Are Unusual but Dangerous
While phishing, ransomware, and spyware are among the most common cyberattack vectors today, it’s unwise to ignore the other kinds of exploits out there, including CPU hacks. Most of us have multiple tech devices, and therefore multiple CPUs. So, in order to keep your CPU safe, make sure you’re staying on top of your updates.