Remote Spectre exploits demonstrated
This paper from four Graz University of Technology researchers [PDF] describes a mechanism they have developed to exploit the Spectre V1 vulnerability over the net, with no local code execution required. "We show that memory access latency, in general, can be reflected in the latency of network requests. Hence, we demonstrate that it is possible for an attacker to distinguish cache hits and misses on specific cache lines remotely, by measuring and averaging over a larger number of measurements. Based on this, we implemented the first access-driven remote cache attack, a remote variant of Evict+Reload called Thrash+Reload. Our remote Thrash+Reload attack is a significant leap forward from previous remote cache timing attacks on cryptographic algorithms. We facilitate this technique to retrofit existing Spectre attacks to our network-based scenario. This NetSpectre variant is able to leak 15 bits per hour from a vulnerable target system." Other attacks described in the paper are able to achieve higher rates.