Hey, Mi Fans!
The Meltdown and Spectre attacks revealed earlier in 2018 kicked the year off with a concerning bang due to the wide range of hardware affected. Since they were disclosed, Microsoft, AMD, Intel, and other companies have managed to limit the potential for widespread attacks with a series of hardware and software mitigations. Still, new variants on the attack continue to be discovered, and the latest widen the potential pool of devices impacted.
What is NetSpectre?
NetSpectre is a generic remote Spectre variant 1 attack that can leak sensitive data, such as encryption keys or passwords, over a network connection, including in a cloud environment. Spectre variant 1 induces speculative execution in the victim by mistraining a conditional branch, e.g. a bounds check. This new remote side-channel attack abuses speculative execution to perform a bounds-check bypass and can be used to defeat address-space layout randomization on the remote system.
How Does it Work?
The building blocks of a NetSpectre attack are two NetSpectre gadgets: a leak gadget and a transmit gadget. The leak gadget accesses a bit stream at an attacker-controlled index and changes some microarchitectural state depending on the state of the accessed bit. The transmit gadget performs an arbitrary operation whose runtime depends on the microarchitectural state modified by the leak gadget. The attacker constantly performs operations to mistrain the processor, which makes it repeatedly run into exploitably erroneous speculative execution.
NetSpectre has low exfiltration speeds:-
Although the attack is innovative, NetSpectre also has its downsides (or upsides, depending on which side of the academics/users barricade you are on). The biggest is the attack's extremely slow exfiltration speed, which is 15 bits/hour for attacks carried out via a network connection and targeting data stored in the CPU's cache. Academics achieved higher exfiltration speeds of up to 60 bits/hour with a variation of NetSpectre that targeted data processed via a CPU's AVX2 module, specific to Intel CPUs. Nonetheless, both NetSpectre variations are too slow to be considered valuable for an attacker.
Existing mitigations should prevent NetSpectre:-
This new NetSpectre attack is related to the Spectre v1 vulnerability (CVE-2017-5753) that Google researchers and academics revealed at the start of the year. As such, all CPUs previously affected by Spectre v1 are believed to also be affected by NetSpectre. Existing mitigations, released after the original Spectre attack was first described earlier this year, should protect devices that have been patched.
So, if you have already updated your code and applications to mitigate previous Spectre exploits, you should not worry about the NetSpectre attack.
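To make the bounds-check bypass and its software mitigation concrete, here is an added example (not from the original post or from the NetSpectre researchers) of a bit-stream read in the shape of the leak gadget described above, beside a version hardened with branchless index masking, the approach Linux's array_index_nospec takes. The function names and the sample bit stream are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: an 8-byte bit stream, so bit indices 0..63 are valid. */
static const uint8_t bitstream[8] = {0xA5, 0x00, 0xFF, 0x01, 0x80, 0x3C, 0x00, 0x7E};
#define BITSTREAM_BITS (sizeof(bitstream) * CHAR_BIT)

/* Before: architecturally correct bounds check. If the branch has been
 * mistrained, the CPU may run the body speculatively with idx out of range,
 * and the dependent load leaves a trace in microarchitectural state. */
int read_bit_unhardened(size_t idx) {
    if (idx < BITSTREAM_BITS)
        return (bitstream[idx / CHAR_BIT] >> (idx % CHAR_BIT)) & 1;
    return -1;
}

/* All-ones when idx < size, zero otherwise, computed without a branch so
 * there is nothing to mispredict. Valid for size <= SIZE_MAX / 2.
 * Caveat: a compiler may still turn arithmetic into a branch; production
 * code uses a vetted primitive and checks the generated assembly. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1; /* top is 0 in range, 1 out of range */
}

/* After: the index is masked before the load, so even on a mispredicted
 * path the access is forced to index 0 instead of an out-of-range address. */
int read_bit_hardened(size_t idx) {
    if (idx < BITSTREAM_BITS) {
        idx &= index_mask_nospec(idx, BITSTREAM_BITS);
        return (bitstream[idx / CHAR_BIT] >> (idx % CHAR_BIT)) & 1;
    }
    return -1;
}

int main(void) {
    size_t probes[] = {0, 1, 63, 64, SIZE_MAX};
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("idx=%zu mask=%zx bit=%d\n", probes[i],
               index_mask_nospec(probes[i], BITSTREAM_BITS),
               read_bit_hardened(probes[i]));
    return 0;
}
```

Both functions return the same values for every input; the difference is only in what a mispredicted path is able to load.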
The details of the NetSpectre attack come almost two weeks after Intel paid out a $100,000 bug bounty to a team of researchers for finding and reporting new processor vulnerabilities that were also related to Spectre variant one. In May this year, security researchers from Microsoft and Google also reported a Spectre Variant 4 impacting modern CPUs in millions of computers, including those marketed by Apple. Last week, researchers from the University of California, Riverside (UCR) published details about another attack named SpectreRSB that carries out its data exfiltration by abusing the CPU's Return Stack Buffer (RSB).
What do you think?
Comment below your opinion!