NetSpectre attack can exploit CPUs to leak information remotely, researchers say


Written by

Researchers now say it’s possible to use the infamous Spectre vulnerability in a way that does not require direct access to a victim’s device.

Researchers from the Graz University of Technology in Austria write in a paper published Thursday that they can exploit the Spectre flaw remotely without having to run code on the target machine. Such an attack, dubbed NetSpectre, would allow hackers to trick applications into leaking private information, albeit very slowly.

“The attacker only sends a series of crafted requests to the victim and measures the response time to leak a secret value from the victim’s memory,” the researchers explain.

Spectre is a CPU flaw affecting most modern computers that was revealed by researchers in January. It was originally thought that attackers trying to exploit it would need to somehow install malware on a victim’s device, either by tricking them into downloading malicious code or by running malicious JavaScript on a website the victim visited.

The big development with NetSpectre is that it doesn’t have those limitations.

The finding does come with a slight sigh of relief: The speed of data exfiltration made possible by the NetSpectre attack is really slow. In general, an attacker would only be able to leak data at 15 bits per hour from a victim. A variation of NetSpectre that’s specific to some Intel CPUs could crank the speed up to 60 bits per hour — still a snail’s pace. The slow speeds make the attack not so feasible for attackers who might want to seriously use it.

But the researchers say that demonstrating NetSpectre as a theoretical attack is significant.

“NetSpectre marks a paradigm shift for Spectre attacks, from local attacks to remote attacks,” the researchers write. “With our NetSpectre attacks, a much wider range and larger number of devices are exposed to Spectre attacks. Spectre attacks now must also be considered on devices which do not run any potentially attacker-controlled code at all.”

-In this Story-

cpu, Graz University of Technology, NetSpectre, Spectre, zero-days