Slashdot Mirror


New JavaScript Attack Lets Websites Spy On the CPU's Cache

An anonymous reader writes: Bruce Upbin at Forbes reports on a new and insidious way for a malicious website to spy on a computer. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack. The exploit, which the researchers are calling "the spy in the sandbox," is a form of side-channel attack. Side-channel attacks were previously used to break into cars, steal encryption keys and ride the subway for free, but this is the first time they're targeted at innocent web users. The attack requires little in the way of cost or time on the part of the attacker; there's nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker.

5 of 134 comments

  1. Immune? by Anonymous Coward · · Score: 3, Interesting

    AMD CPU and NoScript FTW!

  2. x86 ecosphere horribly broken by Anonymous Coward · · Score: 1, Interesting

    If an interpreted language, running in a user context, can somehow observe what's in CPU cache, then something is really, very broken.

    As long as people trade security for features, this crap is inevitable.

  3. Re:To make it clear. by YossiOren · · Score: 3, Interesting

    It's not so useless, Mr. Cafe. Case in point:

    Bitcoin attack: https://eprint.iacr.org/2014/1...

    GnuPG attack: http://www.nicta.com.au/pub-do...

    ASLR attack: http://www.internetsociety.org...

    All of these are cache-based side-channel attacks.

  4. Re:Not very useful. by jandrese · · Score: 3, Interesting

    The paper assumes that your problem is exfiltrating data because the target has somehow gotten infected but is ultra-paranoid about outbound traffic from his machine. You can instead transfer the data to a JavaScript app running in a webpage on a different VM that may be less secure. It seems pretty corner case to me, but every time I think that, someone comes out with some crazy exploit that extracts all of your SSH keys or something from the box using what seems like a nearly useless exploit.

    --

    I read the internet for the articles.
  5. Re:all they have to do is lure them to a webpage by myowntrueself · · Score: 2, Interesting

    A keylogger that runs on one VM to spy on another is a huge deal, if true. A great many companies rely on VM isolation to keep customers separated cleanly on the same host. The entire "compute" cloud, for starters.

    What makes you think the apps need to run on both machines to leak data? CPU cache snooping can see almost anything.

    You are running a browser on the VM's host???

    --
    In the free world the media isn't government run; the government is media run.