NetSpectre Slow and Remote Vulnerability


gzorn

Member
Jan 10, 2017
So, I'm not an expert on this, but it seems like this is getting sensationalized.
Although the attack doesn't require attacker-injected code, it requires that the target computer contain 'Spectre gadgets', essentially bits of code already on the server that can be used to trigger the speculative execution and report back on it. If you insert speculative execution blocks in the server and kernel code, you should prevent the leak. It looked like the authors of the study wrote custom code on the servers to create a best-case scenario for exploitation. A practical exploit of an OS kernel or a userspace server would require some searching.

This seems pretty tough to implement in practice. The transmission of the data seems to require measuring the timing of the return packets. For every additional hop between attacker and target, such a timing attack gets tougher due to random network delays. Also, this attack seems to require a LOT of network traffic. It would probably look like a DoS attack and potentially get cut off for that reason.
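To make concrete what "inserting speculative execution blocks" around a gadget means for a defender, here is an added example (not from the post above and not from the NetSpectre paper). It shows the bounds-checked array read that forms the core of a Spectre v1-style gadget next to a hardened version that clamps the index with a branchless mask, so that even a speculatively bypassed bounds check cannot index past the table. The technique is modelled on the Linux kernel's array_index_nospec() approach; the function names, the table contents and the assumption of a 64-bit LP64 target with arithmetic right shifts (gcc/clang) are mine.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table (no real secrets): entry i holds i * 3. */
static const uint8_t table[16] = {
    0, 3, 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45
};

/* Branchless mask: all ones when index < size, all zeros otherwise.
 * Hypothetical re-implementation of the kernel's array_index_mask_nospec():
 * size - index - 1 is negative (top bit set) exactly when index >= size,
 * so index | (size - index - 1) has its top bit set in that case; the
 * bitwise NOT and arithmetic shift spread the inverted top bit over the
 * whole word. No conditional branch is emitted, so the CPU cannot
 * mispredict it. Assumes an arithmetic right shift on signed values. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    intptr_t v = (intptr_t)(index | (size - index - 1));
    return (size_t)(~v >> (sizeof(intptr_t) * 8 - 1));
}

/* Gadget shape: the architectural bounds check is correct, but a CPU that
 * mispredicts the branch may speculatively load table[i] for i >= 16. */
uint8_t read_unhardened(size_t i)
{
    if (i < sizeof(table))
        return table[i];
    return 0;
}

/* Hardened form: inside the checked branch the index is ANDed with the mask,
 * so on a mispredicted path with i >= 16 the access collapses to table[0]
 * and nothing beyond the array can be brought into the cache. */
uint8_t read_hardened(size_t i)
{
    if (i < sizeof(table)) {
        i &= index_mask_nospec(i, sizeof(table));
        return table[i];
    }
    return 0;
}

/* Returns the index that would actually reach memory under speculation. */
size_t clamped_index(size_t i)
{
    return i & index_mask_nospec(i, sizeof(table));
}
```

Architecturally both readers behave identically; the difference only shows up on the mispredicted path, which is exactly the path a NetSpectre-style gadget relies on. Compilers also offer speculation barriers (an lfence after the check, or __builtin_speculation_safe_value where supported), but the masking form costs no serialising instruction and is the pattern kernels use at scale.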