Researchers describe Specter attack that steals information via network

Spread the love

Scientists from the Austrian University of Graz, part of whom were involved in the discovery of Meltdown and Specter, have described a new Specter attack that can steal information via the network. They call the attack NetSpectre.

The researchers have published a paper detailing their findings. In it, they explain that until now, a Specter attack required the attacker to be able to execute code on the target’s system. For example, stealing an encryption key from memory via the browser. What makes the researchers’ new discovery different from previous attacks is that NetSpecter can also be run over the network, for example via an API or a reachable network interface. They tested this on a local network and in the Google cloud between VMs.

In these cases, an attacker would have to establish a network connection with a program that contains a so-called Specter gadget, or a certain piece of code. An attacker must also be able to send a large number of network packets to the target, regardless of whether he has control over the contents of those packets or how long it takes to send the packets. He then measures the response times.

An important limitation of NetSpecter is that this attack is very slow. For example, it is possible to steal 15 bits per hour. This rate continued to drop between two VMs in the Google cloud, which was 3 bits per hour. There is also a faster variant, which uses AVX2 instructions. According to the researchers, this achieves 60 bits per hour, which means that stealing an encryption key, for example, can take several days.

One of the researchers told The Register: “Fortunately, the speed of this attack is quite limited, making it especially interesting for targeted attacks on high-value targets.” Moreover, according to the researchers, existing Specter countermeasures are sufficient to stop NetSpectre. “Once the system is fully patched for Specter, including the new gadgets we introduce in the paper, the attack should be repulsive. On the other hand, we’re just beginning to understand what Specter gadgets might look like, so this is not an easy problem to solve.”

Intel tells the site that it also believes that existing measures are sufficient, such as inspecting code and adjusting software. It added new information to its white paper on Specter-like attacks in response to the paper. Red Hat has published a blog post with additional information about NetSpectre.

You might also like
Exit mobile version