Security experts from Graz University of Technology have discovered a new way to read the memory of a remote Specter class computer without executing malicious code on it. Unlike previously described attacks of this class, the NetSpectre method works due to network activity, not the executing the programs.
The method is associated with the Specter v1 vulnerability and represents a threat to all affected processors, but has a low data extraction speed. The experiment showed that the extraction speed during the cache attacks on the third-party channels is only 15 bit / h. Using a new third-party channel associated with AVX instructions increases the speed to 60 bph. In Google Cloud, scientists were able to extract data from a virtual machine at a rate of 3 bits / hour.
According to experts, attackers can use NetSpectre also to bypass the technology of Address Space Layout Randomization, which allows you to randomly change the location of important data structures in the address space.
To protect against NetSpectre, it is sufficient to use existing measures against the Specter. Because NetSpectre is a network attack, it can be detected by means of protection from DDoS attacks.