Monday, February 18, 2019

Page Caches May Be Vulnerable To Attack



There is another side-channel attack that you have to be concerned about. This threat goes after the operating system page cache of the target system, where different kinds of sensitive data accessed by the owner of the device are kept for faster retrieval. Perhaps the most ominous aspect of this newly recognized security threat is that it is not restricted by hardware architecture, and it has been found to work not only on machines running Windows but on those running Linux as well.

This lets attackers bypass security protocols and sandboxes.

The research team is a diverse group of IT professionals from CrowdStrike, NetApp, Intel, Boston University, and Graz University of Technology. They discovered a few possible methods a hacker may be able to use to exploit the newly determined attack vector and were even able, in some situations, to send data gathered from the target system to a remote server.

The team emphasized that even though they conducted their tests on Linux and Windows machines, there is no reason their methods would not be successful on other operating systems currently in use. This threat can potentially affect the whole computing system. Although many of the team's experiments need the would-be hacker to be able to physically access the device, they managed to show that in some cases a remote attack can also be done.

According to the team, "Our remote attack leverages timing differences between memory and disk access, measured on a remote system, as a proxy for the required local information."

They went on to explain that this can be done by measuring soft page faults, which take place whenever a page is incorrectly mapped. Additionally, the team managed to send data between the remote web server and the target system.


It should also be noted that this kind of attack hasn’t been seen in the wild. However, Microsoft, for one, is wasting no time dealing with it. Windows Insider build 18305 already has a mitigation routine in place, and it is expected to be rolled out to its users in the coming months. Although it is not as devastating, it is still dangerous and well worth keeping on your radar.




Call SpartanTec, Inc. if you want to make sure that all your systems are protected against such a threat. 


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255


Cities Served:
Wilmington, Silver Lake, Sea Breeze, Carolina Beach, Eagle Island, Leland, Wrightsboro


