The Spectre and Meltdown exploit became the worst nightmare for Intel and other processor manufacturers, seeing the entire processor architecture suddenly collapse like a house of cards over 40 years.
Now a group of security researchers from Graz University of Technology, including one of Spectre’s discoverers, has published a report revealing details of an even more dangerous new vulnerability than the original Spectre, which allows remote access to the data processed by the CPU.
To attack with the original Spectre variant, the attacker had to execute a Javascript code locally in the browser, so that it was necessary to stand in front of the computer that wanted to attack and steal the data.
In the new variant, which the computer has named NetSpectre, this attack can be carried out via an Internet connection. Opening the door for anyone from the other end of the world to access the processor of another connected computer and steal its data.
The only consolation we can find is that the attacker suffers a significant restriction in data transfer speed, limited to 60 bits per hour for attacks on the AVX 2 command module and 15 bits per hour on the CPU.
With this transmission rate, an attack can take days until the attacker has enough data to consider the attack a success.
Researchers report that they believe NetSpectre has many similarities with early Spectre variants, so their solution may be the same. So if you already have the security patch or update that protects your processor from Spectre threats, you may also be protected against an attack with NetSpectre.
Intel has updated its report on Spectre to address this threat and agrees with the conclusion of the Graz University of Technology expert team that the processor will be protected from NetSpectre if the security patch is already installed.
At the moment it is not known that this NetSpectre variant was used as an attack method by malware, but the fact that it can attack remotely that keeps thousands of computer security experts awake at night.