| View previous topic :: View next topic |
| Author |
Message |
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
 Posted: Fri Jul 27, 2018 2:41 pm Post subject: Meltdown/Spectre: Read Arbitrary Memory over Network |
 |
|
ADMIN EDIT: Continued from Meltdown/Spectre: Unauthorized Disclosure of Kernel Memory --pjp
Spectre attacks over the network - this is the news that everyone has been waiting for! 
https://misc0110.net/web/files/netspectre.pdf
| Quote: | | [...] In this paper, we present NetSpectre, a generic remote Spectre variant 1 attack. For this purpose, we demonstrate the first access- driven remote Evict+Reload cache attack over network, leaking 15 bits per hour. Beyond retrofitting existing attacks to a network scenario, we also demonstrate the first Spectre attack which does not use a cache covert channel. Instead, we present a novel high- performance AVX-based covert channel that we use in our cache- free Spectre attack. [...] |
| Quote: | | [...]Responsible Disclosure. We disclosed our results to Intel on March 20th, 2018 and agreed on a disclosure date in late July 2018. |
|
|
| Back to top |
|
 |
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9675
Location: almost Mile High in the USA
|
| Posted: Sat Jul 28, 2018 2:48 pm Post subject: |
|
|
Not sure of its value: 15 bits per hour on an ASLR machine is tough to get specific data... and then what if the network latency is randomized. I also think it should be possible for IDS will pick up on the access pattern well before any amount of reasonable data is picked up (or perhaps even regular use from other machines at the same time is enough to throw off timing). Also I don't think distributed network accesses is helpful, so DDoS reading a machine's memory will get you more variability and tougher to get data...
This is still just theory, would like to see an actual attack that breaks the internet... granted this does not need special software on the target machine...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
barophobia
Apprentice
Joined: 27 Apr 2004
Posts: 229
Location: somewhere
|
| Posted: Mon Jul 30, 2018 3:49 am Post subject: |
|
|
The paper does mention that adding randomness to network latency and monitoring for DDOS or something like that will make the attack not feasible.
I imagine this will be used once you get access to internal networks where you are not monitoring for DDOS and network latency is more stable.
_________________
An apple is an apple unless you say it is not an apple! |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9675
Location: almost Mile High in the USA
|
| Posted: Thu Aug 02, 2018 9:13 pm Post subject: |
|
|
hmm... x86 KPTI not in 4.14.52:
Processor: Pentium-M Dothan 1.6GHz
| Code: | # cat /sys/devices/system/cpu/vulnerabilities/*
Vulnerable
Vulnerable
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline |
Not looking forward to any more speed penalties...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
|
Kernel & Hardware
