- Jul 30, 2018
New Spectre Attack Enables Secrets to be leaked Out
Spectre and Meltdown are in the headlines again. Initially, to exploit privacy, an attacker had to have knowledge on how to run the code of their choosing on the victim’s device/system. This made browsers like JavaScript vulnerable to Spectre attacks. There were doubts about Cloud hosts as well. However, other than this the impact of these attacks was relatively less.
If you are confused as to what Spectre and Meltdown are, here’s a brief up. All systems use codes, but sometimes there are bugs present in codes which lead to security issues in the systems. Such issues make your device vulnerable that is it enables others to hack into your system and steal valuable information and data.
As compared to how strong the impact was earlier, it’s become even powerful now. Daniel Gruss, an original Meltdown discoverer and one of the researchers from Graz University of Technology has described NetSpectre as a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system.
All the Spectre attacks follow principles of the similar family. All the processors have an architectural behaviour and a micro-architectural behaviour. For example -
- Architecturally, a program that loads a value from a particular address in memory will wait until the address is known before trying to perform the load.
- Micro-architecturally, however, the processor might try to speculatively guess at the address so that it can start loading the value from memory (which is slow) even before it's absolutely certain of which address it should use.
Researchers have discovered how both these parts are found in networked applications. Instead of measuring the cache performance, the attack now measures the time taken to respond to a variety of network requests. It is important to note that any disturbance in the micro-architectural state will lead to changes in response time to the request.
Read more at arstechnica.com