This shows my own try of Proof of Concept Exploit demonstrating the Spectre attack. Unfortunately, I have been able to reproduce it smoothly both on my local laptop and on my AWS Server.
According to the Spectre paper,
Spectre attacks trick the processor into speculatively executing instructions sequences that should not have executed during correct program execution
The two secrets are declared here:
char * secret = "This is some sample sensitive data";
char * secret2= "This is some other sample sensitive data";I first tried it on my local laptop running an Intel i5-3320M on Ubuntu 16.10 Yaketty
and it worked, as seen here:
Then, I tried it on my AWS EC2 Instance running an Intel Xeon E5-2676 v3 on Ubuntu Server 16.04TLS
and it worked as well:
Seems like we are all f*ucked.
Spectre was independently discovered and reported by Jann Horn and Paul Kocher in collaboration with, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).