NetSpectre — a remote Spectre v1 attack

Topic

New Reply

Michael Heller reports on TechTarget: Researchers developed a new proof-of-concept attack on Spectre variant 1 that can be performed remotely (say, vi
[See the full post at: NetSpectre — a remote Spectre v1 attack]

12 users thanked author for this post.

SueW, Microfix, Nibbled To Death By Ducks, Carl D, Ascaris, geekdom, OscarCP, Noel Carboni, Mr. Natural, Elly, satrow

Reply | Quote

Replies

Back in the real world, a malicious organisation repeatedly tries to get me to download and install potential malware that could render my computer unusable. This happens on the second Tuesday of every month.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

15 users thanked author for this post.

Lori, SueW, Nibbled To Death By Ducks, jburk07, bobcat5536, lurks about, zero2dash, Carl D, wdburt1, fernlady, Cybertooth, Demeter, johnf, BobbyB, Noel Carboni

Reply | Quote

But look at it this way: you are charged real money for it when you pay for their main product. What is being discussed here can be yours entirely for free.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@samak: Any further  commentary would only detract from the supreme simplicity and beauty of your observation, but I’ll do it anyway:

Bullseye, direct hit below the waterline at the ammo bunker.

Whoom!

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

15 bits an hour eh? I wonder if your serial port needs to be set to 8 – None and 1 also? 🙂

Red Ruffnsore

2 users thanked author for this post.

SueW, EyeJove

Reply | Quote

You will need to have a parity bit set to verify incoming data.

Reply | Quote

Yeah but if you verify the data it will slow down the process. 🙂

Red Ruffnsore

Reply | Quote

Who funds this research?

Disclosing a way to take advantage of an already published vulnerability seems pretty close to malicious.

Really makes you wonder who’s profiting from this.

-Noel

12 users thanked author for this post.

SueW, Pepsiboy, columbia2011, Nibbled To Death By Ducks, Sessh, Mr. Natural, AlphaCharlie, JCCWsusser, Elly, OscarCP, BobbyB, satrow

Reply | Quote

…and, gee, we didn’t even get a “dead cat bounce” out of it…

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

According to FBN, that dip in your chart was caused by delays in delivery of new chips. No clue whether these chips eliminate the Spectre/Meltdown vulnerabilities without performance impacts. No clue either when new machines will be available which aren’t full of holes. 🙁 Will need to replace this Zbook 17 workstation before Win 7 EOL I guess… Never see this mentioned anywhere.

Pity the OEMs can’t get together and form a corporation which writes and updates a desktop O/S which runs Windows programs and lacks bloat and useless “features”. Would be worse than herding cats of course. But Win X must be driving OEM support people totally mad!

Reply | Quote

At 15 bits per hour, this is a proof of concept, the experimental test of an idea. The questions I would ask: (a) is this true? (b) is this scalable to, let’s say, kilobytes or megabytes per second? (c) have the details been published and, if (c) is true, then (d) I would echo Noel Carboni’s own question (  #207873  ).

To me, hearing of the kernel possibly being hacked using the infamous Intel chip set vulnerability, without the need to have enabling malware installed previously via a common infecting hack that can be defeated with normal antimalware procedures, is seriously disturbing.

Also on my mind: just as in mathematics, proof of one theorem might open the way to proving others on some different areas of study, so showing this is possible at all might spur black hats to develop other, more efficient types of malware that also do not need to have a piece of enabling malware inserted in advance of the actual infection to exploit known chipset’s vulnerabilities.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

wdburt1

Reply | Quote

Eventually someone will put all the pieces together. Computer epidemic — comdemic.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

There is attacks to be worried about, this isn’t one of them. But I am still amazed how much “sky is falling” headlines come about with this Spectre/Meltdown stuff.

2 users thanked author for this post.

Noel Carboni, Carl D

Reply | Quote

samak wrote:

Back in the real world, a malicious organisation repeatedly tries to get me to download and install potential malware that could render my computer unusable. This happens on the second Tuesday of every month.

This seems to be happening on every second day of the week lately. My head is still spinning trying to work out what is going on with all of these .NET patches for starters…

Reply | Quote

Or is everyone just having a total Meltdown over the Spectre thing?!  🙂

Reply | Quote

It goes into my low-key-keep-this-in-mind bin. I’m going remain aware and alert. We need more wares and lerts.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

15 bits per hour. Yeah, really slow. Remember, this is POC code and nothing more at this point. It is theorized that in about 2 hours, an attacker might gain enough info to break ALSR. This remote POC code could alternatively be used to cause buffer overflows when the CPU speculatively executes instructions, allowing the attacker to use Spectre to write code to memory which the attacker could then execute. Either scenario is a legitimate concern.

2 users thanked author for this post.

geekdom, OscarCP

Reply | Quote

GoneToPlaid wrote:

Remember, this is POC code and nothing more at this point.

It’s also a blueprint.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

For designing future bigger, nastier blueprints.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote