Leave a comment

Scary new security flaw exposes everything you do on your computer

Scary new security flaw exposes everything you do on your computer
photo courtesy of shutterstock

There's a branch of hacking and computer security you don't hear about much, but it's incredibly important. It's called "side-channel attacks."

At its most basic, a side-channel attack is one that lets a hacker get information from a computer using some seemingly insignificant detail of how a computer works. For example, a hacker might measure fluctuations in the processor voltage to figure out what information is being processed, or pick up faint voltage spikes from your keyboard to know what letters you're typing. It sounds like a Hollywood spy thriller, but it's real.

What keeps side-channel attacks from being a worry for everyone is that most attacks against computer hardware require the hacker to be in the same general area, if not actually touching the computer. So they're usually used against major companies or secure government systems.

However, security researchers have found a scary new side-channel attack that could be a game changer. That's because all it takes to work is you visiting the wrong site. Once you do that, a hacker can know everything you're doing on your computer.

This hack uses Javascript (which isn't the same thing as Java, remember) running in a browser tab. The hacker can start the Javascript code once you visit a malicious page, or even if a legitimate page loads a malicious ad. As long as the page is open in a browser tab, the hack can run.

Once the Javascript code is running, it watches your computer processor's cache. I won't get too technical, but the cache is a small amount of superfast memory built into your processor. Every bit of information your computer processes passes through it.

The Javascript uses your browser's super-accurate timer to watch the processor cache and how long it takes for information to pass through it. By monitoring miniscule differences in timings, hackers can map what memory is in use and from there figure out what key presses and mouse movements you're making.

Not only that, because the cache is handling everything on your computer, any program you use while the browser is open is vulnerable. Even virtual machines, which a lot of experts use for increased security, are at risk. The scary part is that even unskilled hackers can target millions of computers very easily.

The major browser manufacturers are working on a fix, but it probably won't be out for a while. For now, the only solution is to close any extra browser tabs you have open when you're doing sensitive things like using your banking site.

You could also switch to an AMD processor. The way it handles the processor cache is different from Intel and this side-channel attack doesn't work on it. However, that requires buying a new computer, and with no proof hackers are even using this attack, you might just be spending money you don't need to.

Next Story
Source: The Register
View Comments ()
One police department spied on cellphones 4,300 times
Previous Happening Now

One police department spied on cellphones 4,300 times

That quadruple rainbow photo that's going ultra-viral? It's real!
Next Happening Now

That quadruple rainbow photo that's going ultra-viral? It's real!