Published in PC Hardware

New Spectre attack allows a network hack

on 30 July 2018


Spectre's impact got a little more dangerous

When Spectre was first disclosed, there was a movement among Intel fans to say that there was nothing to worry about because a hacker had to be sitting at your machine and know your password to do any damage.

Now, according to Ars Technica, the problem is getting much worse.

Boffins from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system. This makes it possible to stage a network attack on a Spectre vulnerability.

NetSpectre uses the same principles as Spectre but works a lot harder to exploit them. With malicious JavaScript, for example, exploitation is fairly straightforward. The JavaScript developer has relatively fine control over the instructions the processor executes and can both perform speculative execution and measure differences in cache performance quite easily. With remote execution, that's a lot harder: the code to perform a vulnerable speculative execution (the "leak gadget") and the code to disclose the differences in microarchitectural state over the network (the "transmit gadget") both have to exist already somewhere on the remote system, such that a remote attacker can reliably call them.

The researchers found that both of these parts could be found in networked applications. For the networked attack, rather than measuring cache performance, the attack measures the time taken to respond to network requests. The disturbance to the microarchitectural state is such that it can cause a measurably different response time to the request.
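
To make the "leak gadget" idea concrete from the defender's side, here is an added example (not code from the article or from the researchers). It assumes the gadget has the bounds-check-then-load shape of Spectre variant 1, which the article does not show, and sets it next to a hardened form using branchless index masking modelled on the Linux kernel's array_index_mask_nospec. The names index_mask, bit_set_unhardened and bit_set_hardened and the table contents are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16
/* Constructed sample data standing in for an application's lookup table. */
static const uint8_t table[TABLE_LEN] = {0, 1, 0, 1, 1, 0, 0, 1};

/* All-ones when idx < size, zero otherwise, computed without a branch so
 * there is no prediction to get wrong. Valid while size fits in the
 * positive half of intptr_t; relies on arithmetic right shift of negative
 * values, which GCC and Clang provide. */
static size_t index_mask(size_t idx, size_t size)
{
    /* Hide idx from the optimizer so the mask is not folded away
     * inside a branch where the compiler "knows" idx < size. */
    __asm__ volatile("" : "+r"(idx));
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx))
                    >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* Unhardened shape: if the bounds check is mispredicted, the load can
 * run speculatively with x out of range. */
int bit_set_unhardened(size_t x)
{
    if (x < TABLE_LEN)
        return table[x] != 0;
    return 0;
}

/* Hardened shape: the index is ANDed with the mask, so even under a
 * mispredicted check an out-of-range x collapses to index 0. */
int bit_set_hardened(size_t x)
{
    if (x < TABLE_LEN)
        return table[x & index_mask(x, TABLE_LEN)] != 0;
    return 0;
}

int main(void)
{
    printf("mask(3)=%zx mask(16)=%zx\n",
           index_mask(3, TABLE_LEN), index_mask(16, TABLE_LEN));
    printf("hardened(3)=%d hardened(16)=%d\n",
           bit_set_hardened(3), bit_set_hardened(16));
    return 0;
}
```

Architecturally both functions return the same results; the difference is only in what the processor can touch while a mispredicted bounds check is still unresolved.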

 

Last modified on 30 July 2018