New NetSpectre-Class Attack Raises Device-Hardening Concern


A new type of NetSpectre attack requires no malware or malicious JavaScript; it instead attacks victims through network connections, according to researchers at Graz University of Technology.

Four scientists at the university have published findings on a new type of Spectre attack in a paper entitled “NetSpectre: Read Arbitrary Memory over Network.” The paper details a new CPU attack that can be carried out via network connections and does not require the attacker to host code on a targeted machine, a significant development for Spectre-class attacks.

“By manipulating the branch prediction, Spectre tricks a target process into performing a sequence of memory accesses which leak secrets from chosen virtual memory locations to the attacker. This completely breaks confidentiality and renders virtually all security mechanisms on an affected system ineffective,” the researchers wrote.

Until now, Spectre attacks have needed the victim to either download and run malicious code on a machine or access a website that runs malicious JavaScript in the user’s browser. Spectre attacks have now evolved from requiring local code execution privileges to the first cache-less version that uses AVX state and instructions to create a covert channel, according to Craig Dods, distinguished engineer, security, at Juniper Networks.

While Dods said the research is concerning from a device-hardening perspective, commentators worry that the industry could be moving too far into the weeds with the attacks, as the likelihood of exploitation is so low. Brajesh Goyal, vice president of engineering at Cavirin, said, “The need for leak and transmit gadgets to be present on the victim’s computer also makes it a less valuable approach. Today, threat actors have access to much easier tools to compromise victims – they won’t need to deal with the complexity and uncertainty of a network-based Spectre attack.”
