Experts bypass Spectre protections in popular browsers
A team of researchers from Aleph Security has found a series of attacks that exploit the Spectre vulnerability and bypass the protections in popular browsers. The report concerns Spectre v1 (CVE-2017-5753), a variant of Spectre that can be exploited through a browser.
Protections against it were implemented before Aleph Security's publication (V8 for Chrome and Chromium, Chrome, Chromium, Firefox, Edge/IE, Safari WebKit), as the researchers contacted the developers in advance. The principles of protection vary from browser to browser, but the main ones are site isolation (projects based on Chromium), reducing the accuracy of and adding more variation to the performance.now() timers, and disabling the function
It should be noted that the attack was carried out successfully on Google Chrome (55.2% of users), Safari (13.5%) and Edge (which, together with IE, accounts for 6.1% of the market). The attack on Firefox (5.4% of users), however, was not consistent, as Mozilla engineers recently reduced the accuracy of the performance.now() timer to 2 ms. The researchers noted that Firefox is not completely safe; their attack approach simply requires some additional work in this case. The described attack thus exposed more than 70% of Internet users.
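The two timer mitigations mentioned above (reduced accuracy and added variation in performance.now(), such as the 2 ms setting in Firefox) can be modelled and checked as follows. This is an added example, not code from the article, from Aleph Security or from any browser; the function names, the hash used for the jitter and the sample timestamps are assumptions made for illustration.

```javascript
// Added example: a model of timer coarsening, not any browser's actual code.

// Clamp a timestamp (ms) down to a multiple of resolutionMs.
function coarsen(tMs, resolutionMs) {
  return Math.floor(tMs / resolutionMs) * resolutionMs;
}

// Per-interval pseudo-random threshold in [0, resolutionMs), from an integer hash.
function thresholdFor(index, seed, resolutionMs) {
  let h = (index ^ seed) >>> 0;
  h = Math.imul(h ^ (h >>> 16), 0x45d9f3b) >>> 0;
  h = Math.imul(h ^ (h >>> 16), 0x45d9f3b) >>> 0;
  return ((h ^ (h >>> 16)) >>> 0) / 2 ** 32 * resolutionMs;
}

// Clamp, then move the tick edge to an unpredictable point inside each interval.
// Output stays monotonic and within resolutionMs of the true time.
function coarsenWithJitter(tMs, resolutionMs, seed) {
  const index = Math.floor(tMs / resolutionMs);
  const base = index * resolutionMs;
  const edge = thresholdFor(index, seed, resolutionMs);
  return tMs - base >= edge ? base + resolutionMs : base;
}

// Smallest positive step between consecutive readings: the granularity a
// script can actually observe from this clock.
function observedResolution(readings) {
  let min = Infinity;
  for (let i = 1; i < readings.length; i++) {
    const step = readings[i] - readings[i - 1];
    if (step > 0 && step < min) min = step;
  }
  return min;
}

// Constructed sample: an ideal clock read every 0.1 ms for 20 ms.
function constructedTicks() {
  return Array.from({ length: 201 }, (_, i) => i / 10);
}

// Audit a real clock function, e.g. auditClock(() => performance.now()).
function auditClock(now, samples = 100000) {
  const readings = [];
  for (let i = 0; i < samples; i++) readings.push(now());
  return observedResolution(readings);
}

if (typeof performance !== "undefined") {
  console.log("observed performance.now() step (ms):", auditClock(() => performance.now()));
}
```

Running auditClock in a given browser or runtime shows the step size that scripts there can actually observe, which is a quick way to confirm that a timer-coarsening setting is in effect.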
In the experiment, the data access rate was 1 bit per second, so it’s too early to talk about practical implementation. The researchers explain that their goal was not to create applied tools for real attacks, but to audit the reliability of the defenses used against them.
Spectre is one of two vulnerabilities discovered in January 2018; it extends to almost all modern platforms and opens up the fundamental possibility of accessing isolated memory locations, and therefore the data that running programs operate on. Like the second vulnerability, Meltdown, Spectre exploits speculative instruction execution; unlike Meltdown, however, it is difficult to speak of 100% protection against Spectre because of its more fundamental nature, which the work of the Aleph Security specialists has demonstrated once again.
Unlike Meltdown, which affects only Intel processors and ARM cores, the Spectre vulnerability also works on AMD processors. As with Meltdown, all software manufacturers released urgent patches to counter Spectre; however, since the problem is of a hardware rather than software nature, a final solution should not be expected in the near future.