Intel NetCAT: another hole discovered in Intel processors


Intel gets no rest. Another security flaw has just been found in its processors. This time the vulnerability affects only Xeon server systems, but that is exactly where security matters most.

The discovery was made by a team of researchers from Vrije Universiteit Amsterdam and ETH Zurich. The attack vector is the Data-Direct I/O (DDIO) feature. It was introduced in the era of Nehalem chips, i.e. first-generation Core, and is still in use today. It allows the processor to share its last-level cache with expansion cards.

The researchers showed that this mechanism lacks any form of isolation. By sending nothing but network packets to a remote server, an attacker can break the confidentiality of an SSH session; no malware is needed on the server or the client. This gives the attacker accurate information about when individual packets were sent.

The NetCAT attack works by matching this timing information against keyboard typing patterns. Because the time between keystrokes varies, the researchers were able to build an algorithm that works like a low-level keylogger. An example is shown in the video below.


Moreover, if the processor additionally supports Remote Direct Memory Access (RDMA), the attacker can record the activities of other users on the server.

A similar issue is not known to affect competing AMD Epyc systems. It does not affect consumer chips, as they have neither DDIO nor RDMA. Xeon owners will have to turn both features off, at least until the relevant patches are released.
