NetSpectre Bug – New Spectre Method Attacks CPUs Via Network Connections

Spectre 1.1 VulnerabilityNew evolved Spectre Bug has been discovered by security researchers. The bug prays on the CPUs of victims and uses the processor in combination with Network Connections to obtain critical information.

The new attack is going by the name NetSpectre and is an evolved Spectre attack which has previously required manual triggering by the victim to drop the payload of the malware. The new variant however attacks completely autonomous by focusing on vulnerabilities in the network ports and CPU of the targeted computers by the hacker.

More About NetSpectre

The new NewtSpectre is not that perfect as researchers have reported the bug to be using about 15 to 60 bits per hour speed of data transfer for it’s attacks which is brutally slow for such an advanced attack. Nonetheless, the speed can allow for crucial information to be extracted from the infected computer’s CPU cache. The attack has been tested on Intel CPUs by researchers and it seems as the AVX2 module, specific for those type of CPUs has been reported to attack the computers of users to steal sensitive data, from the likes of:

  • Passwords.
  • Critical files.
  • System information.
  • Electronic signature data.

How The AVX Attack Works

AVX is basically a side channel, that relies on power management rather than cache. If the channel has 1 mili second of inactivity, it turns itself into power-saver mode automatically. This results in an 8 bit per minute low error rate with it’s AVX2 technology.

In addition to this, in Google Cloud, attacks have been reported to increase in number and get better over time. Currently the 1 byte power-saver error appears each 8 hours on Google Cloud and the attacks assume discrete targets that have the capability of mirroring.

Judging by this situation, it has now become clear that Spectre has (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Vencislav Krustev. Read the original post at: