Two variants of the Spectre vulnerability were disclosed in 2018, and the current POC code is associated with variant 1 (CVE-2017-5753).
- The code can be tweaked for other CPUs, browser versions, and operating systems as well; with small modifications it also runs on Apple's M1 Arm CPU. The attack leaks data at 1 KB per second.
- The main components of this POC are a Spectre variant 1 gadget, i.e. code that starts the attacker-controlled transient execution, and a side channel, i.e. the observable side effects of that transient execution.
- The variant 1 gadget can be stopped at the software level. However, the V8 team has found that mitigating Spectre Variant 4 (Speculative Store Bypass) in software is infeasible.
Security prototype released
The Google security team has developed a tool called Spectroscope (not an official Google product), which can help web developers and engineers to protect their websites from threats such as Spectre.
- Spectroscope can scan all the associated web apps to find application resources that are not protected or are exposed to other websites.
- Such exposed resources may be exfiltrated by malicious websites that exploit CPU-level information leaks.
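As an added illustration of the kind of check such a scan performs (example code written for this page, not Spectroscope or any Google code), the script below inspects constructed response headers for the isolation mechanisms Google's Spectre guidance recommends for web resources: Cross-Origin-Resource-Policy, framing restrictions, and wildcard CORS. The URLs and header sets are assumed sample values.

```python
"""Offline check for resource-isolation headers, assumed from Google's Spectre
guidance (CORP, X-Frame-Options / CSP frame-ancestors, CORS); not Spectroscope."""
from typing import Dict, List

Headers = Dict[str, str]


def resource_findings(headers: Headers) -> List[str]:
    """Return reasons a response could end up in a cross-origin page's process."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    findings: List[str] = []
    # Without CORP, any site can pull the resource in with a no-cors request
    # (<img>, <script>, fetch(..., {mode: "no-cors"})) into its own process.
    corp = h.get("cross-origin-resource-policy")
    if corp not in ("same-origin", "same-site"):
        findings.append("Cross-Origin-Resource-Policy missing or set to cross-origin")
    # A wildcard CORS header deliberately makes the body readable by every origin;
    # flag it so the owner can confirm the resource really is public data.
    if h.get("access-control-allow-origin") == "*":
        findings.append("Access-Control-Allow-Origin: * (readable by any origin)")
    # Documents that may be framed can land in the framing page's process on
    # browsers without full Site Isolation.
    xfo = h.get("x-frame-options")
    csp = h.get("content-security-policy", "")
    if xfo not in ("deny", "sameorigin") and "frame-ancestors" not in csp:
        findings.append("no framing restriction (X-Frame-Options / CSP frame-ancestors)")
    return findings


def scan_resources(responses: Dict[str, Headers]) -> Dict[str, List[str]]:
    """Map each URL with at least one finding to its findings; clean URLs are omitted."""
    return {url: f for url, hdrs in responses.items() if (f := resource_findings(hdrs))}


# Constructed sample responses standing in for a crawl of one site (assumed values).
SAMPLE_RESPONSES: Dict[str, Headers] = {
    "https://app.example/api/me": {"Content-Type": "application/json"},
    "https://app.example/static/logo.png": {
        "Cross-Origin-Resource-Policy": "same-site",
        "X-Frame-Options": "DENY",
    },
    "https://app.example/public/feed.json": {
        "Access-Control-Allow-Origin": "*",
        "Cross-Origin-Resource-Policy": "cross-origin",
    },
}

if __name__ == "__main__":
    for url, reasons in scan_resources(SAMPLE_RESPONSES).items():
        print(url)
        for reason in reasons:
            print("  -", reason)
```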
The side-channel attacks executed via this PoC show that attackers can read any data that enters a process hosting the attackers' code. While operating systems and web browsers now ship built-in protections, the design of existing web APIs still makes it possible to leak data, which calls for a new design framework altogether for better security.