We all expected Spectre to give security experts a headache. The fact that the attack takes advantage of unsolvable vulnerabilities found on CPUs forces us to include mitigations in every way possible, including the OS’ kernel, drivers (from components to GPUs), programs and apps, and third-party apps.
After two new Spectre-based vulnerabilities became known last month, now there comes an attack that affects systems with Intel CPUs. It was dubbed NetSpectre because it can be launched over the network, a greater risk than before because threats previously required some form of local code execution.
NetSpectre is a new remote side-channel attack that is related to Spectre variant 1 (CVE-2017-5753) and abuses speculative execution to perform bounds-check bypass and can be used to defeat ASLR. NetSpectre could allow an attacker to write and execute malicious codes that could potentially be exploited to extract data from previously-secured CPU memory, including passwords, cryptographic keys and other sensitive information. Instead of relying on covert cache channel, researchers demonstrated how NetSpectre works using the AVX-based covert channel that allowed them to capture data at a deficient speed of 60 bits per hour from the target system.
The NetSpectre attack could allow attackers to read arbitrary memory from the systems available on the network containing components vulnerable to Spectre. A code performs operations like reading through an array in a loop with bounds checks on each iteration. This forces the attacker to send a series of crafted requests to the target machine and measures the response time to leak a secret value from the machine’s memory.
Luckily, those who keep their Intel systems up to date have nothing to worry about because NetSpectre has been fixed after it was reported to the company in March.