A recent white paper released by researchers at the Graz University of Technology in Austria reveals a new attack called NetSpectre. Unlike the internet-based Spectre attack that requires a hacker to run code locally on the target PC, this version can steal data from the target PC’s memory without running any local code.
The base method of attack is nothing new. It’s based on how a CPU speculates where its current processing path will go. A chunk of its speed stems from how it can think ahead and test different routes (branches) to determine the quickest avenue to completion. While it’s testing these routes, the chip stores data in its local cache in an unprotected way.
Unfortunately, this is a problem that resides in all modern processors. In most cases, data can only be stolen if a hacker has physical access to the target PC to run malicious code. Hackers can also attack PCs remotely by running malicious JavaScript on their websites that you download as browser cache.
But with NetSpectre, there’s nothing to download. Instead, the attacker bombards the network ports of a target PC with malicious code. The good news is that this method takes an extremely long time to extract data from memory due to the noisy environment of the internet. For instance, one method directly targets the CPU’s cache at 15 bits per hour while another method targets a specific module (AVX2) at 60 bits per hour.
Of course, hackers don’t want everything stored in memory: They want the juicy bits. In addition to the slow data leak, they must sift through the garbage to pull out valuable, privileged items. Finding an encryption key in the slow data flow could take days versus accessing the same key by running malicious code locally on the target PC.
According to the paper, the NetSpectre attack consists of two components. The first is a leak gadget that pulls one or multiple bytes of data from memory, although single-bit gadgets are “most versatile.” The second component is the transmit gadget that makes the CPU’s state visible over the network, so the hacker can retrieve the data.
Hackers carry out the attack in four stages. First, they send the leak gadget to “mis-train” the processor’s predictive capability and then reset the environment to enable the encoding of leaked bits. After that, hackers exploit the Spectre Variant 1 vulnerability to leak data and use the transmit gadget to deliver the goods.
“As the network latency varies, the four steps have to be repeated multiple times to eliminate the noise caused by these fluctuations,” the report states. “Typically, the variance in latency follows a certain distribution depending on multiple factors, such as distance, number of hops, network congestion.”
But don’t worry: This isn’t a vulnerability that requires a new patch. Everything released for Meltdown and Spectre should protect your data from this new method. It’s also not in active use, but you should still make sure your PCs are armed with the latest Meltdown and Spectre updates.
Researchers at the Graz University of Technology reveals a new attack called NetSpectre. Unlike the internet-based Spectre attack that requires code running locally on the target PC, this version doesn’t need to run local code.
In an ideal world, technology would be a consistent source of competitive advantage and benefit for small and midsized businesses. The reality is that many fail to realize that confidence.
Without the right resources and support, even a highly skilled technology team can become overwhelmed by the growing list of technology management duties. When important tasks get neglected, it creates ripple effects throughout an organization that damage productivity and efficiency.
The co-managed IT services model solves these problems by providing your existing IT team with all the support and resources they need to successfully plan, manage, and defend your network technology.
This guide covers:
Download it for free by filling out the form here.