Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser on GitHub. The experts decided to publish the proof of concept code to demonstrate the feasibility of a web-based Spectre exploit.
Google researchers speculate the PoC code works on other CPUs (different vendor and/or generation), operating systems and Chromium flavors.
Below the description of the demo published on a site set up by Google to host the PoC code.
“This demo is split into three parts:
In January 2018, the expert devised two attacks dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could be conducted to steal sensitive data processed by the CPU.
Both attacks leverage the “speculative execution” technique used by most modern CPUs to optimize performance.
To protect systems from bot Meltdown and Spectre attacks it is possible to implement the hardening technique known as kernel page table isolation (KPTI). The technique allows isolating kernel space from user space memory.
The PoC code released by Google allows to recover cached data from the memory, including sensitive data such as the encryption keys.
The released PoC code could be easily set up because it works without a high-precision timer like SharedArrayBuffer.
Google experts also developed other PoC exploits s with different properties, but they did not release them. One of these PoC codes allows leaking data at a rate of 8kB/s, but it is less stable due to the use of the performance.now() API as a 5μs (5000ms) precision timer. Another PoC uses a timer of 1ms or worse and allows to leak data at a rate of only 60B/s.
Google recommends developers to use new security mechanisms to Spectre hardware attacks and common web-level cross-site leaks.
Standard protections include X-Content-Type-Options, X-Frame-Options headers, and the use of SameSite cookies. but researchers also recommend enabling the following protections:
The Google Security Team released a prototype Chrome extension named Spectroscope that allows web developers to protect their websites from Spectre.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Spectre)