New Spectre attack enables secrets to be leaked over a network

Forum focused on electronics and peripherals. This includes computers, phones, cameras, etc.


Enlarge (credit: Pete)

When the Spectre and Meltdown attacks were disclosed earlier this year, the initial exploits required an attacker to be able to run code of their choosing on a victim system. This made browsers vulnerable, as suitably crafted JavaScript could be used to perform Spectre attacks. Cloud hosts were susceptible, too. But outside these situations, the impact seemed relatively limited.
That impact is now a little larger. Researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system.
All the variants of the Spectre attacks follow a common set of principles. Each processor has an architectural behavior (the documented behavior that describes how the instructions work and that programmers depend on to write their programs) and a microarchitectural behavior (the way an actual implementation of the architecture behaves). These can diverge in subtle ways. For example, architecturally, a program that loads a value from a particular address in memory will wait until the address is known before trying to perform the load. Microarchitecturally, however, the processor might try to speculatively guess at the address so that it can start loading the value from memory (which is slow) even before it's absolutely certain of which address it should use.

Read 11 remaining paragraphs | Comments

Our free community is dedicated to US-based video gamers to provide a platform for exchange and support.
Join discussions on cheating, guides, exploits & tips, secrets, mods and so much more!
PSA: we do not support cheating for online/mobile/multiplayer games, which may include trainers,
mod menu's, Exploits, Hacks, Tools & Macros, Bots and so on. (we do allow the posting of such for offline/single player games hoewever, online and multiplayer games is where we draw the line. Phone apps/games for example typically offer a storefront to purchase ingame currency for example; whether it's singleplayer or not, in such games, the aforementioned is not allowed.)
Top Bottom