Researchers uncovered a new Spectre CPU weakness that enables hackers to steal data remotely. They dubbed it NetSpectre because the flaw is linked to a Spectre-class published about earlier this year. Keep reading to learn if you could be affected.
Spectre attacks a process that improves CPU efficiency by discarding unnecessary data. Modern microprocessors from Intel, AMD, and ARM all execute this function.
NetSpectre has the widest reach of the Spectre family because it can run attacks via a local network or between cloud servers. This attack doesn’t rely on smuggling malware onto a device, instead it is driven by a cache-timing attack. This is when the attacker attempts to compromise a system by analyzing the time it takes to execute algorithms.
The silver lining is that stealing data this way is painfully slow. NetSpectre has been timed to leak CPU cache (memory information) at 15 bits/hour over LAN.
Luckily, the patches available for the previous Spectre attack should mitigate NetSpectre; they can be found here. Thus far there has been no documentation to show NetSpectre has perpetrated an attack.
A second Spectre strain was discovered this week called SpectreRSB. For this one the researchers from the University of California, Riverside disagree with Intel microprocessor makers on whether SpectreRSB is prevented by previous patches.
Subscribe to our newsletter here to keep up with all of the latest malware threats.