In early 2018, researchers discovered a weird pair of vulnerabilities, dubbed Meltdown and Spectre, that reside in vulnerable CPUs. They hit CPU manufacturers such as Intel and AMD and became a nightmare for them. Since the bugs were disclosed, Intel, AMD and others have managed to limit the potential for widespread attacks with a series of hardware and software mitigations.
That was not the end! Researchers at Graz University of Technology have found a new attack, dubbed 'NetSpectre', which is very different from the earlier disclosed vulnerabilities.
NetSpectre's major advantage is that an attacker can exploit the vulnerability remotely. According to the researchers, NetSpectre allows an attacker to read the memory of a system without having to execute any code locally.
The whitepaper published by the researchers reads:
Although the attack is innovative, NetSpectre also has its downsides (or positive side, depending on which side of the academics/users barricade you are on). The biggest is the attack's woefully slow exfiltration speed, which is 15 bits/hour for attacks carried out via a network connection and targeting data stored in the CPU's cache.
Academics achieved higher exfiltration speeds —of up to 60 bits/hour— with a variation of NetSpectre that targeted data processed via a CPU's AVX2 module, specific to Intel CPUs.
This new NetSpectre attack is related to the Spectre v1 vulnerability (CVE-2017-5753) that Google security researchers revealed early in the year. Hence, it seems that all the CPUs that were affected by Spectre v1 are believed to also be affected by NetSpectre.
You can read all the details about the new NetSpectre attack in this whitepaper.
NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.
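The bounds check bypass pattern (CVE-2017-5753) next to two software fixes for it, a speculation barrier after the check and branch-free index masking, as an added example that is not taken from the statement above or from the NetSpectre paper. All names (`lookup_*`, `index_mask`, `spec_barrier`, the arrays and their sizes) are hypothetical, and index masking is shown as an alternative to the barrier the statement mentions.

```c
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 16u                 /* constructed sample size */
static uint8_t table[TABLE_LEN];      /* array the caller may index */
static uint8_t probe[256 * 64];       /* second array indexed by the loaded byte */

/* Constructed sample data so the lookups return checkable values. */
void fill_sample(void) {
    for (size_t i = 0; i < TABLE_LEN; i++) table[i] = (uint8_t)(i * 3);
    for (size_t v = 0; v < 256; v++) probe[v * 64] = (uint8_t)(v + 1);
}

/* Before: the bounds check bypass shape. On a mispredicted branch the CPU may
   load table[idx] with an out-of-range idx and touch probe[] speculatively. */
uint8_t lookup_unsafe(size_t idx) {
    if (idx >= TABLE_LEN) return 0;
    return probe[table[idx] * 64];
}

/* Speculation barrier: LFENCE on x86. Elsewhere this is only a compiler
   barrier (assumption: other CPUs need their own instruction here). */
static inline void spec_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* After, variant 1: no load is issued until the bounds check has resolved. */
uint8_t lookup_fenced(size_t idx) {
    if (idx >= TABLE_LEN) return 0;
    spec_barrier();
    return probe[table[idx] * 64];
}

/* All-ones when idx < len, zero otherwise, computed without a branch
   (relies on arithmetic right shift of a negative value, as gcc/clang do). */
size_t index_mask(size_t idx, size_t len) {
    return (size_t)(~(intptr_t)(idx | (len - 1 - idx)) >> (sizeof(intptr_t) * 8 - 1));
}

/* After, variant 2: clamp the index so even a speculative load stays in range. */
uint8_t lookup_masked(size_t idx) {
    if (idx >= TABLE_LEN) return 0;
    idx &= index_mask(idx, TABLE_LEN);
    return probe[table[idx] * 64];
}
```

All three lookups return the same values for any index; the hardened variants differ only in what the CPU may do speculatively before the bounds check resolves.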
We present NetSpectre: A remote Spectre attack without attacker-controlled code on the victim, and the first Spectre attack which works without the cache as covert channel. https://t.co/qEJ2YMROAh /cc @lavados @mlqxyz pic.twitter.com/5T1VzZDvOJ — Michael Schwarz (@misc0110), July 26, 2018