If you want to see how a real Spectre PoC would unfold on your system, Google has set up a webpage to demonstrate the side-channel data leakage attack and also posted the relevant code on GitHub. According to the researchers who developed the JavaScript PoC, the exploit is capable of leaking data at a rate of 8kB/sec, although that depends on the CPU, OS, the browser used, and the settings. The goal of this PoC is to demonstrate a web-based Spectre exploit, raise awareness, and help users figure out if their hardware is vulnerable or not.
As shown in the video, the testing website first calibrates a timer to observe the side effects of the CPU’s speculative execution, then demonstrates inferring the memory layout of a JavaScript array, and finally leaks memory from the browser’s renderer process. Each step has options to set, so users can test a wide variety of things and vary the parameters to see whether this affects their hardware and browser security. In general, though, if you’re running an Intel processor on Chrome, the exploit should work.
Spectre is a vulnerability discovered in 2017, and published in January 2018, which affects all pre-2019 microprocessors that use branch prediction to improve performance. An attack exploiting Spectre targets the speculative execution that results from a branch misprediction, revealing small chunks of private data to attackers. These attacks belong to the “timing” side-channel category: they are based on analyzing the time taken to execute an operation.
In February 2019, researchers discovered that it would be possible to go as far as hiding malware inside the CPU, allowing it to run stealthily and unobtrusively thanks to Spectre. In March 2019, Microsoft released an update that mitigated the second variant of Spectre with the Google-developed “Retpoline.” Intel has also promised to include hardware and firmware mitigations against Spectre on all future chips, starting with Coffee Lake-R, released at the end of 2018.
We have run the test on a vulnerable i5 6500 and on an i3 10100, which should be safe against Spectre attacks; here are the results.
However, Spectre has still not been dealt with across the entire spectrum. This PoC shows that the threat of Spectre is real and still present, and that work on securing the web application space still needs to be done. While Google’s demonstration is totally innocuous for your system, the researchers claim that an attacker wouldn’t have to make many modifications to make the code malicious.