Slashdot Mirror

← Back to Stories (view on slashdot.org)

New NetSpectre Attack Can Steal CPU Secrets via Network Connections (bleepingcomputer.com)

Posted by msmash on from the furthering-their-reach dept.

Scientists published a paper Friday detailing a new Spectre-class CPU attack that can be carried out via network connections and does not require the attacker to host code on a targeted machine. From a report: This new attack --codenamed NetSpectre -- is a major evolution for Spectre attacks, which until now have required the attacker to trick a victim into downloading and running malicious code on his machine, or at least accessing a website that runs malicious JavaScript in the user's browser. But with NetSpectre, an attacker can simply bombard a computer's network ports and achieve the same results. Although the attack is innovative, NetSpectre also has its downsides (or positive side, depending on what part of the academics/users barricade you are). The biggest is the attack's woefully slow exfiltration speed, which is 15 bits/hour for attacks carried out via a network connection and targeting data stored in the CPU's cache.

38 of 63 comments (clear)

  1. Easily blocked with correct network config by Anonymous Coward · · Score: 1

    This is not news... just set up your network correctly and you're golden.

  2. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  3. Only not-vulnerable computers connect to Internet? by Futurepower(R) · · Score: 1

    Which ARM processors are NOT vulnerable to Spectre and Meltdown? What is the fastest cheap computer not vulnerable?

    Maybe only computers with ARM processors should be allowed to connect to the Internet. All other computers in an organization would exchange data using a proprietary system.

  4. 15 bits/hour for attacks by fahrbot-bot · · Score: 1

    Sounds slow and boring. I will definitely wait to see this 007 / James Bond sequel NetSpectre on cable...

    --
    It must have been something you assimilated. . . .
  5. 15 bits per hour by LittlePud · · Score: 5, Insightful

    It looks like a useless exploit for any practical purpose. I highly doubt the contents of a CPU cache would remain static for long enough to extract any information of value.

    1. Re:15 bits per hour by LittlePud · · Score: 2

      I thought that too while I read it at first, but that isn't true. The likelihood is this would be used to obtain private keys.

      A key (even a short symmetric one) is 128 bits, if not 256 (ex: AES). Public/private keys are even longer at 2048 bits.

      Even at 60 bits/hour, that’s 2 hours minimum to extract a key. Will the cach contents remain unchanged for that long?

    2. Re:15 bits per hour by Highdude702 · · Score: 1

      how long is the data being accessed for, and how often?

    3. Re: 15 bits per hour by link-error · · Score: 1

      What about a VPN router? Eventually, you'd get the full key, just not sure you would know the bit order?

      --
      -Unresolved symbol? Byte me!
  6. Re:Only not-vulnerable computers connect to Intern by aliquis · · Score: 1

    There was ARM cpus vulnerable for Spectre though.

    But wasn't FX chips free from it?

    Simple (some would had said stupid I guess) enough to not be vulnerable.

  7. Total horseshit by GerryGilmore · · Score: 3, Insightful

    Once you read the pdf describing this, anyone who knows anything can come to the same conclusion. Let's look at the facts:
    1) In order for this or any of the other Spectre/Meltdown "vulnerabilities" (and I use that term loosely, it's really more of a theoretical/lab setup) require you to be running malware on your system. This latest "Net/S/M" calls them "gadgets", but they are fucking malware!
    2) Referencing the basic principles of S/M, basically malware runs a specific set of instructions in a specific sequence to - essentially - tickle the cache by that set/series of instructions to leak some cache data that can then be read by said malware. OK, groovy enough, but how in da hell can you A) know that the cache data you read has not then subsequently over-written by a cache flush on that cache line? and then B) make any reasonable sense out of said data captured? Depending on the size of data gathered, and from what I've read it's pretty tiny, trying to steal "crypto keys" (the big bugbear over at Ars) in this way has to be the most idiotic ever!

    Bottom line: use basic security to keep malware off your system and what does leak through will be much more efficient than S/M, so - worry about the REAL shit, please!

  8. 15 bit/hour by manu0601 · · Score: 1

    The 15 bit/hour limit makes me skeptical. What relevant information can you hope to stand in the cache for hours?

    1. Re:15 bit/hour by virtualXTC · · Score: 1

      None. It's a proof of concept. However, (as the article mentions) just as the Rowhammer attack on RAM seemed too slow to worry about when first found, the shear number of machines affected means security researchers are going to keep picking at this, and thus it seems inevitable that netSpectre will be a huge problem in the not too distant future.

    2. Re:15 bit/hour by Anonymous Coward · · Score: 1

      It doesn't have to stay in the cache, it just has to stay in memory. A server with lot's of memory likely keeps a large chunk of the file system in memory for long periods. At 16 bits/hour it would take 128 hours or about 5.3 days to get a 2048 bit key. If the key is accessed all the time, or the system is quiet, or just has a ton of memory, that's not impossible.

      In fact, it's quite likely if you have a process that connects to a system to run a command every few minutes. Perhaps some sort of monitoring software for your critical servers. Or how about your web server's private key? Isn't that accessed all the time to validate SSL Connections?

      Of course, the researches have already sped up the process by a factor of about. So that means It wold take less than 2 days to get a 2048 bit key. Seems worth it to be able to do a MIM attack for something like google.com or amazon.com, doesn't it?

    3. Re:15 bit/hour by oobayly · · Score: 2

      How do you know which 2048 bits of memory contains the key? Take a server with 64GiB of RAM, that key takes up 0.000000373% of the memory.

      Lets assume you knew which 8MiB block the key was held in, that's still 478 years at 16 bits/hour. Lets assume they can speed it up by a factor 1,000, that's 174 days. If somebody told me their safe was guaranteed to be cracked, but only if somebody worked on it 24 hours a day for 174 days I'd think "that's one fucking secure safe"

  9. Neither. Basic cache operation. Until separate sec by raymorris · · Score: 2

    It would be a REALLY crappy backdoor. In this case, you're leaving looking at 15 bits per hour of random data, which will most likely be one pixel of a YouTube video or something equally interesting. Completely useless in most cases. Theoretically the bits you get might be a key, but they might also be anything else that the computer handled, and most of what computers handle isn't security keys.

    Any time you have cache, things in the cache will be faster to access than things not in the cache. That's kinda the whole point of having a cache, to speed up access to data that is used many times in a row. Caches of various are extremely important to computing, too - the can often make operations an order of magnitude faster. So nothing either sinister or stupid there - it's a simple and cheap method to make the computer run much faster.

    These general types of mechanisms will continue to exist, too. The only way you get rid of them, or many of them, is to run a completely separate, very simple (and slow) computer inside your desktop which is only used for security-sensitive operations AND have all applications use it, every time. A separate computer inside your computer, that gets ALL of your security keys? The more paranoid amongst us would have a field day with that.

  10. Re:Only not-vulnerable computers connect to Intern by Misagon · · Score: 1

    ARM cores with out-of-order execution are vulnerable to (regular) Spectre where as most ARM cores with in-order execution are not.
    ARM posted a list of which that are affected. (But they use their own nomenclature...)

    ARM Cortex-A53 and Cortex-A55 are the fastest 64-bit ARM cores without speculative execution, and yes, I think you'd want to choose 64-bit ARM (AArch64) for new applications.
    Cortex-A53 is a bit old and most easily found in the Raspberry Pi 3 Model B and 3 Model B+ single-board computers, with four cores each. Both SBCs are cheap, widely available and have a lot of support. The Model B+ runs cooler and faster (1.4 GHz) than the Model B but both need heat sinks. If a heat sink is included at all in a kit it is often too small to be able to allow the chip to run at full speed for any length of time.

    The Cortex-A55 is touted as being 20% faster than the A53 per clock. Most SoCs with the Cortex-A55 are running in a big.LITTLE configuration together with faster cores that run out-of-order.
    I have found only one SoC with only A55: the Spreadtrum SC9863, which has eight cores at up to 1.6 GHz. It was announced in May and it is so early that I can't even find a datasheet for it.
    Please do comment if you know of another option.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
  11. Does not know the domain by mangastudent · · Score: 4, Informative

    This latest "Net/S/M" calls them "gadgets", but they are fucking malware!

    "Gadget" is a term of art from return-oriented programming; as the good Wiki introduces this:

    [...] a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

    In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences that are already present in the machine's memory, called "gadgets"....

    The "gadgets" are just convenient snippets of code that the attacker knows is already running in the target machine, like in commonly used DLLs or shared libraries.

    1. Re:Does not know the domain by GerryGilmore · · Score: 1

      But still, must not the attacker need to gain access - by actually running on the target machine - to gain control of the call stack?

    2. Re:Does not know the domain by mangastudent · · Score: 1

      Read the Wikipedia article further, the start of a ROP attack required exploiting a bug in the code of the target machine like a stack buffer overrun. Which is woefully easy, especially on Windows, which is also a primary target due to its ubiquity. The gadgets are required because execution on the stack is now generally disallowed.

    3. Re:Does not know the domain by GerryGilmore · · Score: 1

      OK, I get that, but if I know of a stack buffer overrun on a particular Windows machine, don't I still have to execute *some* code to gather anything? Also, again, how exactly does one gather anything useful from what is essentially a small slice of unknown cache data?

    4. Re:Does not know the domain by mangastudent · · Score: 1

      You use the smashed stack to execute the gadgets, their being picked as such because they're executable bits of code that can be strung together with the smashed stack into what you want. And since you can execute Turing complete programs using ROP, you can probably arrange for something interesting to be unveiled in cache timing attacks, side channels created by speculative execution that out of order CPUs use to run fast.

      You use your ROP code to arrange stuff to be in the cache, or not, and then read that memory and time the access. In the example I looked at in detail, just one bit at a time of the data of interest, see the original Google Project Zero paper, the "Variant 1: Bounds check bypass" "Theoretical explanation", it's a nice, very clear example.

    5. Re:Does not know the domain by Anonymous Coward · · Score: 1

      So basically once you've got arbitrary code execution on the remote machine, you can do what ever you want?

      No shit.

    6. Re:Does not know the domain by mangastudent · · Score: 1

      So basically once you've got arbitrary code execution on the remote machine, you can do what ever you want?

      On we have to assume all of the fastest CPUs, that do out of order processing including speculative execution. The speculative execution allows setting up side channel attacks like cache timing, and this can, depending of the details, allow you to cross many protection boundaries, between user processes, user to kernel (and not just Meltdown), different threads that were in theory sandboxed (why Chrome is now burning a bit more memory to keep sites in separate processes), even to peek into Intel Software Guard Extension enclaves.

      It's hard to exaggerate just how bad this can be; basically, run as little untrusted code on your machine as possible. I.e. as little website JavaScipt as possible, I use uMatrix with some extra severe settings in addition to uBlock Origin (ad blocker). For financial stuff, I spin up a single instance of Firefox and close it when finished. Etc. For this sort of attack though the network, at first thought, you want defense in depth, so an enemy has to get past a firewall first. Many of those are standardized by ISPs, but there's every chance the lower end ones aren't using out of order processors. Or see the Raspberry Pis, they use older super-scalar but not out of order CPUs.

    7. Re:Does not know the domain by GerryGilmore · · Score: 2

      OK, now you're falling into the paranoia level - from ANY kind of realistic standpoint!
      Please explain - without ignoring my earlier request, i.e. just howdafuck do you either know and/or be able to manipulate any cache-level data gleaned by the most inefficient process known to mankind - you can do ANYTHING by arbitrarily sniffing what is most likely stale and/or recently replaced cache memory?!?

    8. Re:Does not know the domain by mangastudent · · Score: 1

      It's not paranoia, it's been demonstrated on real systems in real time, there was even a good GUI example. These attacks extract useful data at very high rates as these things go, although this initial proof of concept network example is an exception for its slow rate of extraction ... but lots of these proofs of concepts have been sped up as they get explored. That it can be done at all is a big wakeup call.

      If you read and understand the previously mentioned original Google Project Zero paper, "Variant 1: Bounds check bypass" "Theoretical explanation", you'll understand that the cache is just a tool, used for timing side channel attacks. The data of interest is in main memory, the attacks probe protected main memory a bit or so at a time, by performing actions only allowed by speculative execution that either place other data in the cache, or don't. Then they read that data, if they get it back quickly, it was in the cache, if not, it wasn't, each read determining based on the timing whether a bit in main memory was set or not.

      Your misunderstanding seems to come from not groking that the cache is just a tool for timing side channel attacks, the memory of interest effectively stays in main memory the whole time (in truth, it's of course fetched into the cache hierarchy in the first part of the probing cycle, but that's not relevant to the attack). You must understand this concept, or take the papers on faith, or not, as you choose.

    9. Re:Does not know the domain by thegarbz · · Score: 1

      like in commonly used DLLs or shared libraries

      Loaded in random memory locations in all modern OSes.

    10. Re:Does not know the domain by mangastudent · · Score: 1

      The "gadgets" are just convenient snippets of code that the attacker knows is already running in the target machine, like in commonly used DLLs or shared libraries.

      Loaded in random memory locations in all modern OSes.

      By definition, DLLs and shared libraries must provide a way to call the code that's inside them, no matter where in memory they are located. Randomized memory layouts only increase the difficultly of some sorts of attacks, they are not a panacea.

    11. Re:Does not know the domain by thegarbz · · Score: 1

      By definition, DLLs and shared libraries must provide a way to call the code that's inside them, no matter where in memory they are located.

      All of which doesn't help at all if your side channel attack specifically is designed to leak out memory contents rather than actually sit there making system calls.

  12. Re:Neither. Basic cache operation. Until separate by Highdude702 · · Score: 1

    this coupled with address randomization bug would allow for known key locations, i of course did not RTFA, this is slashdot yes? but i do know if this is the first time its been done, even if only random data now. someone will figure out how to get specific data.

  13. JavaScript on a site, or even just connect tcp by raymorris · · Score: 1, Informative

    Until this attack, the attacker needed to run some code, which could be JavaScript. So infect a site, or lure a victim to your site, trumptweettoomuch.com, and you've got your code execution.

    The BASIC idea would be your JavaScript does something with the byte 01010111 10,000 times and measures how long that takes, then compares it to the same operation with byte 01011111. That allows you to know if certain other programs are using either of those bytes in their data. Run through a million iterations of trying combinations and you've retrieved the contents of another processes memory - or the kernel memory. That's the part that let's your code step out of its own process.

    Combine the ability to read the memory of other processes with a few other clever hacker techniques and you get the ability to read specific memory contents from specific locations.

    What's new in this attack is that the attacker doesn't need to run any code on the victim machine. Instead, they send 20,000 packets, half include the 01010111 byte, half include the 01011111 byte. The timing of the network driver, and therefore the timing of the responses, will vary depending on whether a different piece of system software is using the same byte. Combine that with earlier techniques and you have the ability to read the memory of programs running on the machine, without you running any code on the machine.

    These are a BIG deal for the theoretical security of the machine. The practical use is much harder, especially over the network. They achieved 15 bits per hour by saturating a direct gigabit connection. That's not very practical, unless you happen to be attacking a VM, coming from another VM on the same host hardware.

    1. Re:JavaScript on a site, or even just connect tcp by GerryGilmore · · Score: 2

      Just howdafuck is 15 bits per hour of cache data from a heavily used server going to give ANY valid data?!? I am STILL waiting for ANY reasonable explanation and - so far - have heard nothing but a bunch of paranoid "could" shit. SHOW ME!!

    2. Re:JavaScript on a site, or even just connect tcp by mangastudent · · Score: 1

      I am STILL waiting for ANY reasonable explanation and - so far - have heard nothing but a bunch of paranoid "could" shit. SHOW ME!!

      I have shown you, in the Google Project Zero paper. Did you read and understand the section of it I directed you to?

  14. Correcting myself - not random data by raymorris · · Score: 3, Interesting

    > even if only random data now. someone will figure out how to get specific data.

    They will and they did, it seems. I just read more about it.
    The basic attack would be ~random data, but people have combined it with other very clever ideas to be able to target certain memory locations.

    In those cases in which they can access memory through the kernel, such as the networking portion of the kernel, address randomization is bypassed.

    1. Re:Correcting myself - not random data by thegarbz · · Score: 1

      If on a modern system they know which memory address to target they likely already own you box.

  15. BZZZT by Anonymous Coward · · Score: 1

    If you actually read and understand the article, the implications are tremendous. The gadgets you are so worried about are actually code that already exists in the kernel and all over application space. In fact, any well written code will be full of gadgets. Poorly written code might have fewer gadgets in it, but it will still have some.

    It's my guess that kernel's and hyper-visors are inherently full of the necessary gadgets for this attack, and it may be impossible to remove them.

    The net impact is that any group with money and good pull at any of the major ISPs will be able to use this attack to extract the private keys from any server they care to. It basically means that within a week or two, the NSA will have the private keys to any web server they wish.

    I'm currently thinking the only defense is to have your web server generate a new private key every day. Not fun.

  16. ah, in-depth research sure went into this article by ChoGGi · · Score: 1

    Academics achieved higher exfiltration speeds --of up to 60 bits/hour-- with a variation of NetSpectre that targeted data processed via a CPU's AVX2 module, specific to Intel CPUs.

    Unless they mean the attack is specific to Intel CPUs with AVX2, but it sure sounds like AVX2 is only an Intel thing?

  17. Re:ah, in-depth research sure went into this artic by ChoGGi · · Score: 1

    and replying to myself...

    an attacker can simply bombard a computer's network ports

    So, rate-limiting when you detect a bombardment? Then it'll be less than 15 bits an hour.

  18. TFS links to the white paper, doesn't it? by raymorris · · Score: 1

    If you really want the details, they are in the paper.
    https://misc0110.net/web/files...