NetSpectre — New Remote Spectre Attack Steals Data Over the Network
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system.
Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass and can be used to defeat address-space layout randomization on the remote system.
If you’re unaware, the original Spectre Variant 1 flaw (CVE-2017-5753), which was reported earlier this year along with other Spectre and Meltdown flaws, leverages speculative stores to create speculative buffer overflows in the CPU store cache.
Speculative execution is a core component of modern processor design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions turn out to be valid, execution continues; if not, the speculative work is discarded.
This issue could allow an attacker to write and execute malicious code that could potentially be exploited to extract data from previously-secured CPU memory, including passwords, cryptographic keys, and other sensitive information.
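The bounds-check-bypass pattern named above, next to a hardened form that masks the index without a branch, as an added example (not code from the researchers or the original article). The table contents and the names `read_checked`, `index_mask` and `read_hardened` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8u
/* Constructed sample data, not from the article. */
static const uint8_t table[TABLE_LEN] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7};

/* Bounds-check-bypass shape: the check is architecturally correct, but while
 * the branch is still being predicted the CPU may run the load with an
 * out-of-range idx, and only later discard the result. */
uint8_t read_checked(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < len, zero otherwise. Valid while idx
 * and len are at most SIZE_MAX/2. The top bit of (idx | (len - 1 - idx)) is
 * set exactly when idx is out of range. Production implementations take extra
 * steps to stop the compiler from turning this back into a branch. */
size_t index_mask(size_t idx, size_t len)
{
    size_t out_of_range = (idx | (len - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return out_of_range - 1;
}

/* Hardened form: even if the branch is mispredicted, the masked index is
 * forced to 0, so the speculative load stays inside the table. */
uint8_t read_hardened(size_t idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return table[idx];
    }
    return 0;
}

int main(void)
{
    printf("idx 3   -> checked %u, hardened %u\n",
           (unsigned)read_checked(3), (unsigned)read_hardened(3));
    printf("idx 100 -> checked %u, hardened %u\n",
           (unsigned)read_checked(100), (unsigned)read_hardened(100));
    return 0;
}
```

Both functions return the same architectural results; the difference is only in what a mispredicted branch can load speculatively.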
Instead of relying on a covert cache channel, the researchers demonstrated the NetSpectre attack using an AVX-based covert channel that allowed them to capture data from the target system at a very slow rate of 60 bits per hour.
Source | thehackernews