News

New Spectre Variant Can Remotely Target Systems

NetSpectre Allows Attacks Without Local Code

Late last year, Spectre and Meltdown came out as new side-channel attacks. Fortunately, the victim system had to run the malicious code, limiting the impact. This limited the attack surface exposed to malicious actors. A lot more research has gone into this area since the groundbreaking attacks. Following up, we now have a new version of Spectre that works without having to run any code at all. Researchers have dubbed the new Spectre, NetSpectre.

Spectre side-channel attacks work by exploiting the architectural behaviors of processors. By using malicious code to trigger CPU actions and timing them, data in the cache can be discerned. This attack requires that the victim run the specific code that triggers the CPU. With NetSpectre, the attacker just needs network access. Instead of measuring CPU response time, the new attack targets network response time. There are two new methods that attack either the cache or AVX2 units.

New Attack Makes Unpatched Systems More Vulnerable to Spectre

For the cache-attack, the attacker starts off a large download. Once the cache is filled up, the attacker determines based on response time if a certain bit was present or not. For the AVX2 attack, it is a lot more novel. Intel CPUs have AVX2 units that are either idle or not. There is a measurable performance difference between them. The attacker can discern information from the system, by calling AVX2 instructions and measuring the response time, based on their power state.

Luckily, these network attacks are quite slow. On a local network, the cache takes 30 minutes per byte and the AVX2, 8 minutes. For a remote system, it jumps up to 8 hours and 3 hours respectively. This means attacks have to very targeted at things like encryption keys since it takes so long to get usable data. Furthermore, Intel and Microsoft system patches should protect against this attack. This means most users shouldn’t have to worry. However, with growing side-channel awareness, more exploits are sure to come to light.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Elgato Premium 1080p HD Facecam

Studio quality f/2.4 24 mm* all-glass Elgato Prime Lens Sony® STARVIS™ Sensor optimized for indoor…

15 hours ago

Cryorig R5 Performance CPU Cooler with 140mm – Black / White

The large tower cooler relies on two 140 mm fans, six 6 mm heat pipes…

15 hours ago

Cryorig Crona S ARGB 120mm PWM Triple Fan Pack with Controller

An Alternative to Convention - With the Low-key black back frame, Crona S features the…

15 hours ago

Asetek SimSports Pagani Huayra R Sim Racing Pedals

Expand your setup with real Pagani genes - With the Asetek SimSports Pagani Huayra R…

15 hours ago

Fnatic Bolt Wireless RGB Optical Gaming Mouse 

Wireless gaming mouse with lightning bolts on scroll wheel Three connectivity modes: 2.4GHz wireless, Bluetooth…

15 hours ago

Philips Evnia 42″ 42M2N8900 3840×2160 OLED 138Hz 0.1ms A-Sync HDR Widescreen Gaming Monitor

Built for fast action Low input lag reduces time delay between devices to monitor SmartImage…

15 hours ago