Processors

NetSpectre is the latest speculative-execution-related vulnerability

Anonim

The term Spectre refers to a family of vulnerabilities found in modern processors, with Intel being the most affected. What all of these vulnerabilities have in common is that they are related to the processors' speculative execution. The latest to be discovered is NetSpectre.

NetSpectre, a new vulnerability discovered in processors

Security researchers at Graz University of Technology have discovered NetSpectre, a new fully web-based exploit that can allow attackers to read the memory of a remote machine without running any programs on that machine. This is very important, since until now the chances of remotely exploiting the Spectre vulnerabilities were minimal.

NetSpectre works by deriving bits and bytes from memory, based on measurements of how long the processor takes to succeed at, or recover from a failure of, speculative execution. When a processor is executing code, it speculates on the next instruction or data and stores the results in advance. A successful prediction is rewarded with tangible performance benefits, while a failed prediction is penalized by having to repeat the step. By measuring precisely how long the processor takes to perform the check, an attacker can infer the contents of memory.

However, the process is slow and tedious: it takes 100,000 measurements to derive the value of a single bit and an average of 30 minutes to derive a byte; if the code is using the AVX2 register, it takes around 8 minutes to derive a byte. At this rate, it would take around 15 years to get 1 MB of data, but if all an attacker needs is a cryptographic key of a few bytes and they know exactly where to look for it, an attack can succeed in a small amount of time.
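The following simulation is an added example, not code from the original article or from the researchers. It shows why so many measurements are needed per bit: a tiny latency difference is buried in network jitter and only emerges after averaging. The latency, jitter and 32-byte key size are constructed assumptions; the per-byte rates are the article's.

```python
import random
import statistics

# Constructed parameters for illustration; not measured NetSpectre values.
BASE_NS = 500_000    # assumed mean network round-trip time (ns)
JITTER_NS = 20_000   # assumed standard deviation of network jitter (ns)
DELTA_NS = 400       # assumed extra latency when the leaked bit is 1 (ns)


def mean_latency(bit, samples, rng):
    """Average `samples` simulated round trips for one secret bit."""
    centre = BASE_NS + (DELTA_NS if bit else 0)
    return statistics.fmean(rng.gauss(centre, JITTER_NS) for _ in range(samples))


def guess_bit(bit, samples, rng):
    """Classify by comparing the averaged latency with the midpoint threshold."""
    return int(mean_latency(bit, samples, rng) > BASE_NS + DELTA_NS / 2)


def accuracy(samples, trials, seed=1):
    """Fraction of random bits recovered correctly with `samples` per bit."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        bit = rng.getrandbits(1)
        hits += guess_bit(bit, samples, rng) == bit
    return hits / trials


def extraction_hours(num_bytes, minutes_per_byte):
    """Wall-clock hours to leak `num_bytes` at the article's per-byte rates."""
    return num_bytes * minutes_per_byte / 60


if __name__ == "__main__":
    # Accuracy climbs from near coin-flip to near-certain as samples grow.
    for n in (100, 10_000, 100_000):
        print(f"{n:>7} samples/bit -> accuracy {accuracy(n, 20):.2f}")
    year = 24 * 365
    # The 15-year figure for 1 MB matches the 8 min/byte (AVX2) rate.
    print(f"1 MB at 30 min/byte: {extraction_hours(10**6, 30) / year:.1f} years")
    print(f"1 MB at  8 min/byte: {extraction_hours(10**6, 8) / year:.1f} years")
    # 32 bytes is an assumed key size for "a key of a few bytes".
    print(f"32-byte key at 30 min/byte: {extraction_hours(32, 30):.0f} hours")
```

Because the standard error of the averaged latency shrinks with the square root of the sample count, added jitter on the server side raises the number of measurements needed per bit quadratically.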

Source: Ars Technica
