The Cornell University researchers Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan and Angelos D. Keromytis state that ‘The Spy in the Sandbox’ is the first micro-architectural side-channel attack that runs entirely within the browser. Unlike other exploits, the potential hacker does not need to install any special software or inject any malware into the victim’s computer to carry out the Spy in the Sandbox attack. The exploit only requires the potential hacker to lure a victim to an untrusted web page with content controlled by the attacker.

Once the victim is on the website specially created by the hacker, the JavaScript inside the website launches an app that can view and record the flow of data both in and out of the victim’s PC cache. The cache is the part of the CPU that serves as the intermediary between the high-speed central processor and the lower-speed random access memory (RAM). The exploit then records the time it takes for the victim’s PC to run various operations in the cache memory, using the browser’s own high-resolution timers. By studying the time it takes for memory accesses to take place, the hacker can get an accurate picture of a user’s browser history, keystrokes and mouse movements.

The researchers state that the exploit cannot steal any passwords or data; rather, it records the data inflow, which can help a potential hacker clone the user’s keystrokes and use the browser history for financial theft or other malicious purposes. A side-channel attack is any attack that is based on interpreting the information gained from what’s going on inside a computer and then using that information for malicious purposes.

You can download the research paper on The Spy in the Sandbox here (PDF).
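
The sketch below is an added illustration, not code from the research paper or from this article. It is a pure simulation (no real cache probing) that shows why the timing step depends on a high-resolution timer and why a coarser clock hides the difference between a cached and an uncached memory access. The latency constants, jitter, clock model and function names are all assumptions chosen for the example.

```javascript
// Simulation only: constructed numbers, no memory or cache is actually measured.
// Assumed latencies: ~60 ns for a cached access, ~200 ns for an uncached one.
const HIT_NS = 60, MISS_NS = 200, JITTER_NS = 20;

// Small deterministic PRNG (mulberry32) so every run gives the same result.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    let t = (a += 0x6D2B79F5);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Model of a clock that only reports multiples of resolutionNs,
// the way a coarsened browser timer would.
function readClock(trueNs, resolutionNs) {
  return Math.floor(trueNs / resolutionNs) * resolutionNs;
}

// Fraction of simulated accesses whose cached/uncached state can be
// inferred from one pair of timestamps taken at the given resolution.
function inferenceAccuracy(resolutionNs, samples = 2000, seed = 1) {
  const rng = makeRng(seed);
  const threshold = (HIT_NS + MISS_NS) / 2; // midpoint between the two latencies
  let now = 0, correct = 0;
  for (let i = 0; i < samples; i++) {
    now += rng() * 1e6;                      // each access starts at an arbitrary time
    const isMiss = rng() < 0.5;
    const latency = (isMiss ? MISS_NS : HIT_NS) + (rng() - 0.5) * 2 * JITTER_NS;
    const measured = readClock(now + latency, resolutionNs) - readClock(now, resolutionNs);
    if ((measured > threshold) === isMiss) correct++;
  }
  return correct / samples;
}

// Compare a nanosecond-grade clock with a 5 microsecond one.
function compareResolutions() {
  return { fine: inferenceAccuracy(1), coarse: inferenceAccuracy(5000) };
}

console.log(compareResolutions());
```

With the 1 ns clock every simulated access is classified correctly, while with the 5 µs clock almost every measurement reads as zero and the result is close to a coin flip. The model covers a single measurement per access only.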