A new Spectre attack has been discovered by four scientists from the Graz University of Technology, who published a paper about this new exploit that lets attackers steal data from your CPU over the network. This new attack is quite different from the older Spectre variants, as those required local code execution in order to work.
The new attack, dubbed “NetSpectre”, performs a bounds-check bypass using speculative execution, which can defeat address-layout randomization on a remote system. A few other Spectre variants were discovered earlier this year, including Spectre Variant 1, which created buffer overflows in the CPU store cache using speculative stores.
On newer processors, speculative execution is one of the core features: the processor executes instructions ahead of time on the basis of assumptions it predicts to be true. If the assumptions turn out to be true, the results of those instructions are kept; otherwise the processor discards them. To counter this flaw, fixes from Intel, Microsoft, Google and other companies were rolled out, and these fixes drew some harsh reactions from Linus Torvalds.
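To make the bounds-check bypass concrete from the mitigation side, here is an added C example (not code from the Graz paper, from Intel, or from any vendor): the table-lookup pattern that Spectre Variant 1 targets, shown beside a branch-free index-masking version of the kind the Linux kernel uses (its array_index_mask_nospec helper). The table contents are constructed for the example, and the mask helper assumes a platform where intptr_t is as wide as size_t (true on common 64-bit Linux and macOS targets).

```c
#include <assert.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a small public lookup table. */
#define TABLE_SIZE 4
static const uint8_t table[TABLE_SIZE] = {10, 20, 30, 40};

/* The classic Spectre Variant 1 pattern. The bounds check is a branch,
 * so a CPU that predicts it as "in range" may speculatively perform the
 * load past the end of the table before the comparison resolves. The
 * architectural result is still correct; the concern is which memory
 * is touched during speculation. */
uint8_t lookup_branch(size_t index)
{
    if (index < TABLE_SIZE)
        return table[index];
    return 0;
}

/* Branch-free index mask: all ones when index < size, zero otherwise.
 * Because it is computed arithmetically there is no branch for the
 * predictor to mis-train. Assumes intptr_t and size_t have the same
 * width so the sign bit lands in the right place. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    /* If index < size, both operands of the OR have a clear top bit,
     * so the complement is negative and the arithmetic shift yields -1.
     * If index >= size, (size - 1 - index) wraps and sets the top bit,
     * the complement is non-negative, and the shift yields 0. */
    intptr_t tmp = ~(intptr_t)(index | (size - 1 - index));
    return (size_t)(tmp >> (sizeof(intptr_t) * CHAR_BIT - 1));
}

/* The index the hardened lookup would actually use. Out-of-range
 * inputs collapse to 0, which is always inside the table. */
size_t masked_index(size_t index)
{
    return index & index_mask_nospec(index, TABLE_SIZE);
}

/* Hardened lookup: even if the branch below is mispredicted, the
 * masked index stays within the table, so no out-of-bounds byte is
 * ever loaded, speculatively or otherwise. */
uint8_t lookup_masked(size_t index)
{
    if (index < TABLE_SIZE)
        return table[masked_index(index)];
    return 0;
}

int main(void)
{
    /* Both versions agree architecturally; only the masked one keeps
     * speculative loads inside the table. */
    printf("in range : branch=%u masked=%u\n", lookup_branch(2), lookup_masked(2));
    printf("out range: branch=%u masked=%u (masked index %zu)\n",
           lookup_branch(100), lookup_masked(100), masked_index(100));
    return 0;
}
```

The masking does not remove the bounds check; it makes the index used by the load safe regardless of how the check is predicted, which is the property a remote timing attack such as NetSpectre relies on being absent.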
The scientists mounted an attack using an AVX-based covert channel, which allowed them to capture data from the target system at a speed of 60 bits per hour. NetSpectre lets an attacker read arbitrary memory from the attacked system over a network, with the attack carried out entirely over that network rather than through locally executed code.
Attackers send a series of specially crafted requests to the target machine and measure the response time in order to leak a secret value from the target machine’s memory. This new exploit was reported to Intel back in March this year, and the company has already patched these exploits, making this new attack useless.
Intel has already updated its white paper and included information related to the NetSpectre attack.
Source: NetSpectre Research Paper via Bleeping Computer