New NetSpectre-Class Attack Raises Device-Hardening Concern

A new type of Spectre attack, NetSpectre, requires no malware or malicious JavaScript; instead, it attacks victims through network connections, according to researchers at Graz University of Technology.

Four scientists at the university have published findings on a new type of Spectre attack in a paper entitled NetSpectre: Read Arbitrary Memory over Network. The paper details a new CPU attack that can be carried out via network connections and does not require the attacker to host code on a targeted machine, a significant development for Spectre-class attacks.

“By manipulating the branch prediction, Spectre tricks a target process into performing a sequence of memory accesses which leak secrets from chosen virtual memory locations to the attacker. This completely breaks confidentiality and renders virtually all security mechanisms on an affected system ineffective,” the researchers wrote.

Until now, Spectre attacks have needed the victim to either download and run malicious code on a machine or access a website that runs malicious JavaScript in the user's browser. Spectre attacks have now evolved from requiring local code execution privileges to the first cache-less version that uses AVX state and instructions to create a covert channel, according to Craig Dods, distinguished engineer, security, at Juniper Networks.

While Dods said the research is concerning from a device-hardening perspective, commentators worry that the industry could be moving too far into the weeds with the attacks, as the likelihood of exploitation is so low. Brajesh Goyal, vice president of engineering at Cavirin, said, “The need for leak and transmit gadgets to be present on the victim’s computer also makes it a less valuable approach. Today, threat actors have access to much easier tools to compromise victims – they won’t need to deal with the complexity and uncertainty of a network-based Spectre attack.”