NetSpectre attack can exploit CPUs to leak information remotely, researchers say

NetSpectre attack can exploit CPUs to leak information remotely, researchers say: Researchers now say it’s possible to use the infamous Spectre vulnerability in a way that does not require direct access to a victim’s device. Researchers from the Graz University of Technology in Austria write in a paper published Thursday that they can exploit the Spectre flaw remotely without having to run code on the target machine. Such an attack, dubbed NetSpectre, would allow hackers to trick applications into leaking private information, albeit very slowly. “The attacker only sends a series of crafted requests to the victim and measures the response time to leak a secret value from the victim’s memory,” the researchers explain. Spectre is a CPU flaw affecting most modern computers that was revealed by researchers in January. It was originally thought that attackers trying to exploit it would need to somehow install malware on a victim’s device, either by tricking them into downloading malicious code or by running malicious JavaScript on a website the victim visited. …

explicita