NetSpectre, the Specter-type exploit that allows you to steal data from your remote CPU



[ad_1]

A group of computer security researchers from the Graz University of Technology today released a new report providing details of a new vulnerability similar to Spectrum that affects users' processors without having to physically access the computer, that is, unlike Specter, the attack can be routed remotely via network connections.

His name is NetSpectre, and his name is attributed to the fact that there is no longer any JavaScript code running. the browser or to download and run the malware. The only thing that is needed with this vulnerability is to attack the network ports of the computer and the same results will be obtained.

However, the hacker can not take advantage of an optimal data transfer speed with this attack. In the case of attacks on the CPU, only 15 bits per hour could be obtained, and in the case of attacks on the AVX2 module of the chip, excluding the Intel processors, it was barely possible to 39, get up to 60 bits per hour. This means that a hacker needs several days to get important data.

The researchers also found that, from an internal point of view, the vulnerability is very similar to Specterv1, so in the case where your processor has installed the security patch against this vulnerability at the firmware or system level. exploitation, a hacker would then have no chance of taking advantage of this vulnerability.

On the other hand, Graz's computer said that NetSpectre can run via LAN and Google Cloud, however, has not yet found any malicious code that takes advantage of the vulnerability.

This is the second variant of Specter that academics have revealed in a week, as last week, researchers at the University of California at Riverside (UCR) released details of another attack called SpecterRSB, which could steal data by abusing the CPU's stack buffer.

[ad_2]
Source link