Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

NetSpectre attack exploits data from CPU memory

Save for later
  • 3 min read
  • 31 Jul 2018

article-image

After the recent SpectreRSB attack on Intel, AMD, and ARM CPUs, a group of security researchers have found a new Spectre variant in town codenamed NetSpectre. They have recorded this latest Spectre in their paper, “NetSpectre:Read arbitrary memory over Network

As per the researchers, the specialty of NetSpectre is, it can be launched over the network without requiring the attacker to host the code on a targeted machine. This new Spectre attack is a new remote side-channel attack, which is related to Spectre variant 1.

https://twitter.com/misc0110/status/1022603751197163520

What does NetSpectre attack do?


The new Spectre attack exploits speculative execution to perform bounds-check bypass and can be further used to destroy address-space layout randomization on the remote system.

This issue further allows the attacker to write and execute malicious code that extracts data from the previously secured CPU memory. This memory could include sensitive information such as passwords, cryptographic keys, and much more.

The researchers have demonstrated the NetSpectre attack using the AVX-based covert channel. This approach allowed them to capture data at a speed of 60 bits per hour from the target system. Researchers said, “Depending on the gadget location, the attacker has access to either the memory of the entire corresponding application or the entire kernel memory, typically including the entire system memory.”

The remote attacker need to simply send a series of request packets to the target machine and measure the response time to leak a secret value from the machine’s memory.

Researchers said, “We verified that our NetSpectre attacks work in local-area networks as well as between virtual machines in the Google cloud.”

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime

How to be safe?


If one has updated their code and applications to mitigate previous Spectre exploits they do not have to worry about the ‘NetSpectre’ attack.

Researchers have mentioned state-of-the-art and network-layer countermeasures for NetSpectre in their paper. However, they state, “as attackers can adapt and improve attacks, it is not safe to assume that noise levels and monitoring thresholds chosen now will still be valid in the near future.”

Also recently, Intel paid $100,000 bug bounty to a team of researchers to find and report new processor vulnerabilities. These newfound Spectre variants were also related to Spectre variant 1.

Following this, Intel has included information related to the NetSpectre attack in its updated white paper, ‘Analyzing potential bounds check bypass vulnerabilities

Read more about the NetSpectre attack in the whitepaper.

SpectreRSB targets CPU return stack buffer, found on Intel, AMD, and ARM chipsets

Intel’s Spectre variant 4 patch impacts CPU performance