January 2018 brought a shock to the world of cybersecurity: a report describing a new threat was published. This security flaw, called Spectre, can read all the memory of a computer, tablet or smartphone and therefore access their data. It can also read keyboard entries… Big Brother is back…
A new report from the Graz University of Technology in Austria has just come out, highlighting NetSpectre, a flaw that stems directly from Spectre.
So how does Spectre work? How does NetSpectre differ from its relative, and what is the impact of this flaw? Is this a real threat or a false alarm?
A reminder of how Spectre works
This security flaw, which affects nearly all computers, has been exploitable for 20 years. It took a report written by Google researchers for CPU manufacturers to start worrying about it, including Intel, which dominates the sector with an 80% market share.
Why is Spectre unique? Because it is a hardware flaw and not a software one, software usually being the weakest link. To better understand this flaw, it helps to first recall the basics of how a computer system operates.
The operating system (Windows, Linux, iOS, Android…) sends an instruction, for example the calculation of 5 + 5. The CPU (which can be compared to the brain of a human being) performs the calculation and obtains the result 10. It stores it in the device’s memory so that the result is visible and comprehensible to the user. The information is stored in different levels of memory.
To save time, while the operating system is running and executing functions, the CPU predicts an instruction that the operating system is likely to send next, hence the term “speculation”.
In fact, it tests every level of the condition:
When the operating system transmits the real instruction, the CPU checks that the result is consistent. If the requested instruction is indeed the one predicted, there is a clear time saving since the result has already been computed and stored. If the predicted instruction is not the one actually requested, no time is lost, because the CPU immediately processes the new instruction. In any case, it would have done nothing more if it had simply waited for this instruction. Who knows, the result found during its wrong prediction may be used in a future instruction! It is therefore a win-win operation.
The catch is that a mispredicted calculation, although discarded, leaves traces in the CPU's cache memory that an attacker can measure. As a result, the real risk of this vulnerability is a leak of sensitive data such as logins, passwords, encryption keys… But this threat needs to be put in perspective, because it is not easy to set up. Indeed, you must be an experienced hacker to exploit it. But if it’s harder to attack, it’s also harder to fix!
How does NetSpectre work? What is the real danger?
Researchers at Graz University of Technology in Austria have discovered a new variant of Spectre: NetSpectre. Its distinguishing feature is that it does not require malicious code to be introduced on the machine in order to exploit the CPU's security vulnerability.
The attack can be carried out remotely over a network connection. By using a specific channel, hackers can steal data from the system. However, the exfiltration is extremely slow, since its speed would be 60 bits/h. At such a speed, it would take 4 million years to transfer an mp3 song (average duration of 3 minutes), which does not make us any younger!
While there would be no point in transferring a song via this flaw, a password or an encryption key weighing only a few hundred bytes would be easily recoverable in a few hours without the victims’ knowledge. Finally, we must not forget that the future is made of progress and that the exfiltration time will probably improve. Soon it will be possible to quickly recover all the information contained on a machine.
Even if NetSpectre can only capture a small amount of data (for now), that is sufficient when the target is a password or a login, which turns this seemingly minimal threat into a huge one for organizations and individuals. Updates provided for browsers, operating systems and software should be applied as regularly as possible. To help with this, it is also possible to use software such as IKare, which performs a vulnerability scan on all your devices and identifies the ones that are not correctly updated.
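One way to check on a Linux machine whether the kernel reports its Spectre mitigations as active, shown here as an added example that is not part of the original article and is unrelated to IKare. It assumes the kernel's sysfs interface under /sys/devices/system/cpu/vulnerabilities; the function names are illustrative.

```python
"""Report Spectre mitigation status from Linux sysfs (added example)."""
import os
import sys

# Standard kernel interface on Linux; absent on old kernels and other OSes.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
SPECTRE_ENTRIES = ("spectre_v1", "spectre_v2")


def classify(status):
    """Map a kernel status line to a verdict (function name is illustrative)."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        # A mitigation line can still flag one sub-feature as vulnerable.
        return "partial" if "vulnerable" in text.lower() else "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def audit(root=SYSFS_DIR, entries=SPECTRE_ENTRIES):
    """Return {entry: (verdict, raw line)}; an unreadable entry is 'unknown'."""
    report = {}
    for name in entries:
        try:
            with open(os.path.join(root, name), encoding="utf-8",
                      errors="replace") as fh:
                raw = fh.read().strip()
        except OSError:
            raw = ""
        report[name] = (classify(raw), raw)
    return report


def needs_attention(report):
    """Entries not confirmed as mitigated or unaffected, sorted by name."""
    return sorted(name for name, (verdict, _) in report.items()
                  if verdict not in ("mitigated", "not_affected"))


if __name__ == "__main__":
    result = audit()
    for entry, (verdict, raw) in result.items():
        print(f"{entry}: {verdict} ({raw or 'no sysfs entry'})")
    # Non-zero exit lets a fleet-wide job flag machines to update.
    sys.exit(1 if needs_attention(result) else 0)
```

A machine listed by `needs_attention` is a candidate for the operating system and firmware updates recommended above.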
Once again, everyone needs to protect themselves against this new vulnerability. ☂️