Graz University has just published findings on a new type of Spectre attack – NetSpectre: Read Arbitrary Memory over Network. – which attacks through network connections, without code on a target victim’s machine. This new type of Spectre threat does not require malware on a victim’s machine or a click on malicious JavaScript.
Two security experts with Juniper networks offer perspective in response.
“Spectre has been elevated from a class of vulnerabilities that requires local code execution privileges to one that can be conducted against remote targets. And, this first cacheless version of Spectre relies on AVX state and instructions to create a covert channel.
“Prior to this research, SIMD/AVX-based side channels had not been considered real risks. This approach relies heavily on determining the state of a particular unit, AVX2 in this case. Limiting access to these types of features on common processors is difficult, if not impossible, in many environments. It’s quite concerning from a device hardening perspective as fundamental protections, such as ASLR, can be easily defeated using this technique. Additionally, there’s a very real concern about private-key and cryptographic compromise.”
“We are getting too far into the weeds with these types of attacks – there are too many conditions for them to be practical. When it comes to network-based attacks, timing varies wildly. The proof of concept described identifies a high magnitude of deviations from the measured latency on a local network, so you can imagine that it would be even larger if the experiment ran over the internet. The need for leak and transmit gadgets to be present on the victim’s computer also makes it a less valuable approach. Today, threat actors have access to much easier tools to compromise victims – they won’t need to deal with the complexity and uncertainty of a network-based Spectre attack.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.