Woah!<p>Summarizing:<p>...<p>Goethem et al.
exploited more accurate in-browser timing to obtain information even from within other websites, such as contact lists or previous inputs.<p>...<p>Oren et al. recently demonstrated that cache side-channel attacks can also be performed in browsers. Their attack uses the performance.now method to obtain a timestamp whose resolution is in the range of nanoseconds. It allows spying on user activities but also building a covert channel with a process running on the system. Gruss et al. and Bosman et al. demonstrated Rowhammer
attacks in JavaScript, leveraging the same timing interface. In response, the WC and browser vendors have changed the performance.now method to a resolution of 5 µs. The timestamps in the Tor browser are even more coarse-grained, at 100 ms .<p>In both cases, this successfully stops side-channel attacks by withholding necessary information from an adversary.
In this paper, we demonstrate that reducing the resolution of timing information or even removing these interfaces is completely insucient as an attack mitigation.<p>...<p>Our key contributions are:<p>– We performed a comprehensive evaluation of known and new mechanisms to obtain timestamps. We compared methods on the major browsers on Windows, Linux and Mac OS X, as well as on Tor browser.<p>– Our new timing methods increase the resolution of ocial methods by 3 to 4 orders of magnitude on all browsers, and by 8 (!!) orders of magnitude on Tor browser. <i>Our evaluation therefore shows that reducing the resolution of timer interfaces does not mitigate any attack.</i><p>– We demonstrate the first DRAM-based side channel in JavaScript to exfiltrate data from a highly restricted execution environment inside a VM with no network interfaces.<p>– Our results underline that quick-fix mitigations are dangerous, as they can establish a false sense of security.