Remote Spectre Attack Allows Data Theft Over Network

Discussion in '0-day Release' started by silversurfer, Jul 27, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    A team of researchers from the Graz University of Technology in Austria has demonstrated that Spectre attacks can be launched remotely without the need to execute code on the targeted machine.

    The researchers, some of which were also involved in the discovery of the original Meltdown and Spectre vulnerabilities, have dubbed the new attack NetSpectre as it allows a remote attacker to read arbitrary memory data over the network.

    NetSpectre attacks have been successfully conducted by the experts both in a local area network (LAN) and between virtual machines in Google Cloud.

    While NetSpectre attacks can in theory pose a significant risk, data can only be leaked very slowly. Researchers achieved an exfiltration rate of 15 bits per hour over a local network, and 60 bits per hour by using a new AVX-based covert channel instead of a cache covert channel. This is the first Spectre attack that does not use a cache covert channel.

    Full Article: https://www.securityweek.com/remote-spectre-attack-allows-data-theft-over-network
     
    Der.Reisende, RGiskardR and kram7750 like this.
  2. Google Adsense

Share This Page