Echoes of Spectre and Meltdown
Side-channel attacks such as GoFetch are not that common in the real world for the reasons stated previously – there’s usually an easier way. “A side-channel attack basically is something that uses a side effect of legitimate functionality to expose small bits of information that can then be pieced together,” said Malwarebytes’ Reed.
Consequently, most vulnerabilities tend to be uncovered in the lab, rather than actively used by nefarious actors. Over the years researchers have come up with novel and amusing ways that a side-channel attack could conceivably leak data out. For example, it’s possible that malware could use the pattern of blinks of an LED or the sounds created by the hard disk being scratched to exfiltrate data. But unsurprisingly, these would be very difficult to pull off in the real world.
Nevertheless, the risks from side-channel attacks are still taken extremely seriously by cybersecurity professionals – and as with
GoFetch, occasionally there are vulnerabilities uncovered that do spark serious concerns. For example, in 2018 two vulnerabilities emerged called Spectre and Meltdown. Both worked in slightly different ways, but it was discovered that the problem could conceivably affect processors made by all of the largest players: Intel, AMD and ARM.
As a result, patches were quickly issued to all of the major operating systems – even though, especially in the case of Meltdown, there were performance trade-offs to be made.