New Spectre attack lets hackers steal data without having to run local code on PCs

A recent white paper released by researchers at the Graz University of Technology in Austria reveals a new attack called NetSpectre. Unlike the internet-based Spectre attack that requires a hacker to run code locally on the target PC, this version can steal data from the target PC’s memory without running any local code.

The basic method of attack is nothing new. It’s based on how a CPU speculates where its current processing path will go. A chunk of its speed stems from how it can think ahead and test different routes (branches) to determine the quickest avenue to completion. While it’s testing these routes, the chip stores data in its local cache in an unprotected way.

Unfortunately, this is a problem that resides in all modern processors. In most cases, data can only be stolen if a hacker has physical access to the target PC to run malicious code. Hackers can also attack PCs remotely by hosting malicious JavaScript on their websites, which your browser downloads and caches.

But with NetSpectre, there’s nothing to download. Instead, the attacker bombards the network ports of a target PC with malicious code. The good news is that this method takes an extremely long time to extract data from memory due to the noisy environment of the internet. For instance, one method directly targets the CPU’s cache at 15 bits per hour, while another method targets a specific module (AVX2) at 60 bits per hour.

Of course, hackers don’t want everything stored in memory: They want the juicy bits. In addition to the slow data leak, they must sift through the garbage to pull out valuable, privileged items. Finding an encryption key in the slow data flow could take days versus accessing the same key by running malicious code locally on the target PC.

According to the paper, the NetSpectre attack consists of two components. The first is a leak gadget that pulls one or multiple bytes of data from memory, although single-bit gadgets are “most versatile.” The second component is the transmit gadget that makes the CPU’s state visible over the network, so the hacker can retrieve the data.

Hackers carry out the attack in four stages. First, they send the leak gadget to “mis-train” the processor’s predictive capability and then reset the environment to enable the encoding of leaked bits. After that, hackers exploit the Spectre Variant 1 vulnerability to leak data and use the transmit gadget to deliver the goods.

“As the network latency varies, the four steps have to be repeated multiple times to eliminate the noise caused by these fluctuations,” the report states. “Typically, the variance in latency follows a certain distribution depending on multiple factors, such as distance, number of hops, network congestion.”

But don’t worry, because this isn’t a vulnerability that requires a new patch. According to Intel, it’s mitigated through the same techniques used to patch Meltdown and the two Spectre variants: code inspection and modification of software, which places a speculation-stopping barrier where appropriate.

“We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method,” Intel says. “We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.”
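
What "a speculation-stopping barrier where appropriate" means for a bounds-checked array read, shown as an added C example that is not code from the article, the paper or Intel's whitepaper. The table, its contents and all function names are hypothetical; the masking variant assumes an arithmetic right shift of signed values, as GCC and Clang provide.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 8 /* constructed sample data, not from the article */
static const uint8_t table[TABLE_LEN] = {11, 22, 33, 44, 55, 66, 77, 88};

/* Before: the bounds check is architecturally correct, but the CPU may
 * predict the branch and run the load speculatively with idx >= TABLE_LEN. */
uint8_t lookup_unhardened(size_t idx) {
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* On x86, LFENCE holds back later instructions until the check has resolved. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory"); /* compiler-only fallback, NOT a CPU barrier */
#endif
}

/* After (option 1): barrier between the bounds check and the dependent load. */
uint8_t lookup_fenced(size_t idx) {
    if (idx >= TABLE_LEN)
        return 0;
    speculation_barrier();
    return table[idx];
}

/* Branch-free mask: all ones when idx < len, zero otherwise.
 * Assumes len <= PTRDIFF_MAX; a compiler could still turn this into a branch. */
static inline size_t index_mask(size_t idx, size_t len) {
    ptrdiff_t v = (ptrdiff_t)(idx | (len - 1 - idx));
    return (size_t)(~v >> (sizeof(v) * CHAR_BIT - 1));
}

/* After (option 2): clamp the index so a mispredicted path can only read table[0]. */
uint8_t lookup_masked(size_t idx) {
    if (idx >= TABLE_LEN) return 0;
    return table[idx & index_mask(idx, TABLE_LEN)];
}

int main(void) {
    return lookup_fenced(3) == lookup_masked(3) ? 0 : 1;
}
```

During code inspection, the pattern to look for is the first function: an attacker-influenced index, a bounds check, and a load that depends on the index with nothing in between.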

Updated July 27, 2018 to reflect Intel’s response.

