NetSpectre attack can steal confidential data through the network
The security team at the Technical University of Graz, Austria, has just released a new variant of the Spectre series of vulnerabilities, NetSpectre, a security flaw caused by modern processor design flaws.
Previously, Spectre and Meltdown series vulnerabilities needed to be exploited locally, requiring code to be used to steal confidential information by sharing data between processes.
The newly discovered Spectre variant vulnerability is relatively more harmful than before, and the attacker can penetrate the network and steal data without executing the code locally.
Security experts obtain confidential data for memory leaks in batches by sending requests specifically for attacking target computers and measuring response times.
Relatively tricky is that the data acquisition speed is relatively slow, but if the attacker can enter the intranet, it can directly read any data in the target computer memory.
The security team submitted the vulnerability to companies such as Intel a few months ago, and this variant has been fixed in the mid-month update.
Unfortunately, the Spectre and Meltdown series vulnerabilities faced in modern processors cannot be completely repaired, and the series of vulnerabilities that are currently being discovered are also increasing.
Especially for cloud computing and enterprise service providers, ensuring security is a top priority, and ultimately only through the replacement of new processors to solve the problem.