Four researchers from Columbia University say they can spy on keystrokes and mouse clicks from a web-browser tab by snooping on the caches of Intel processors.
The exploit is very effective against computers running Intel's latest CPU models, such as Core i7 processors, and works in any browser with HTML5 support. That amounts to roughly 80 percent of the systems in circulation.
Yossef Oren, Simha Sethumadhavan and the Greeks Vasilios Kemerlis and Angelos Keromytis have discovered an attack that can be carried out with JavaScript served by a malicious ad network. It works by measuring the time it takes to access data stored in the last-level cache (the L3 cache, which is shared by all cores on a PC). From these timings, they infer the user's activity.
The research has led to calls for large companies such as Google, Microsoft, Mozilla and Apple to update their browsers and block the attack.
Dr Oren said:
“It's a low-cost attack that could probably be used by the bad guys for a short time (you know, the ones that bombard you with pop-up ads). They could add this JavaScript to their popups.”
The group's work was released as a PDF titled The Spy in the Sandbox - Practical Cache Attacks in JavaScript, and states that victims do not need to install any add-on software; they simply visit a page that contains the malicious JS.
Once the malicious JavaScript starts running, it brings the cache to a known state and waits for the user to press a key. It then uses the browser's high-resolution timer to record the time it takes to step through a block of memory. With this information, the attacker can map the pattern of memory accesses for each keystroke and mouse movement, and these patterns can later be replayed.
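The attack depends on a timer fine enough to tell a cache hit from a cache miss. The JavaScript below is an added example, not code from the article or the paper: it simulates why coarsening the browser's timer (one of the mitigations browser vendors adopted) blunts such measurements. The hit and miss latencies and the sample set are constructed values, not measurements.

```javascript
// Added example (not from the article or the paper). It models why coarsening the
// browser's high-resolution timer blunts a cache-timing attack: a last-level-cache
// hit and a DRAM miss differ by only a few hundred nanoseconds, which a
// nanosecond timer resolves but a timer rounded to 5 µs does not.

// Constructed latencies in nanoseconds (illustrative magnitudes, not measurements).
const L3_HIT_NS = 40;
const DRAM_MISS_NS = 250;

// A timer that reports time rounded down to a multiple of `resolutionNs`,
// the way a browser behaves when it clamps performance.now().
function makeTimer(resolutionNs) {
  return (trueTimeNs) => Math.floor(trueTimeNs / resolutionNs) * resolutionNs;
}

// What the page sees for one access: the difference of two timer readings taken
// around an access lasting `accessNs`, starting at phase `startNs` inside a tick.
function measureAccess(timer, startNs, accessNs) {
  return timer(startNs + accessNs) - timer(startNs);
}

// Deterministic, constructed sample set: alternating hits and misses with start
// phases spread across a 5 µs tick, so the result is reproducible.
function constructedSamples(count) {
  const samples = [];
  for (let i = 0; i < count; i++) {
    samples.push({ startNs: (i * 37) % 5000, isHit: i % 2 === 0 });
  }
  return samples;
}

// Fraction of accesses correctly labelled hit/miss at a given timer resolution,
// using the midpoint between the two latencies as the decision threshold.
function classificationAccuracy(resolutionNs, samples) {
  const timer = makeTimer(resolutionNs);
  const threshold = (L3_HIT_NS + DRAM_MISS_NS) / 2;
  let correct = 0;
  for (const { startNs, isHit } of samples) {
    const delta = measureAccess(timer, startNs, isHit ? L3_HIT_NS : DRAM_MISS_NS);
    if ((delta < threshold) === isHit) correct++;
  }
  return correct / samples.length;
}

const samples = constructedSamples(1000);
console.log('1 ns timer accuracy :', classificationAccuracy(1, samples));    // 1
console.log('5 µs timer accuracy :', classificationAccuracy(5000, samples)); // near 0.5
```

With a nanosecond timer every access is labelled correctly; with a 5 µs timer almost every access reads as zero elapsed time and the classifier does little better than guessing.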
On an Intel Core i7 running Mac OS X 10.10.2 with the Firefox 35.0.1 browser, the JS was able to map half the L3 cache in one minute, and about a quarter in about 30 seconds.
The research is academic in nature rather than immediately practical, but it challenges the assumption that most surveillance attacks must be carried out in the immediate vicinity of their victims and must execute arbitrary native code.
The team estimates that the attack works on every current Intel processor running an HTML5 browser. AMD chips cannot be affected because of their cache design.