Home SecurityNetwork Security New NetCAT CPU side-channel vulnerability exploitable over the network

New NetCAT CPU side-channel vulnerability exploitable over the network

by ethhack

Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: The attacker doesn’t need to have local access on the targeted machine because the attack works over the network.

The culprit is Intel’s Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor’s internal cache to achieve better performance, less power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck.

DDIO was designed with ethernet controllers and fast datacenter networks in mind to allow servers to handle 10-gigabit ethernet (10 GbE) connections and higher. The technology was first introduced in 2011 in the Intel Xeon E5 and Intel Xeon E7 v2 enterprise-level processor families.

CPU attacks like Spectre and Meltdown and their many variants have used the CPU cache as a side-channel to infer sensitive data. Researchers from the VUSec group at Vrije Universiteit Amsterdam have now shown that DDIO’s cache access can be exploited in a similar manner.

In a new paper released today, the researchers described an attacked dubbed NetCAT which abuses DDIO over the network to monitor access times in the CPU cache triggered by other clients connected to the same server over SSH (Secure Shell). By using a machine learning algorithm, they were then able to infer the keystrokes transmitted over the connection by analyzing the time information in the CPU cache region used by the server’s network card.

“In an interactive SSH session, every time you press a key, network packets are being directly transmitted. As a result, every time you type a character inside an encrypted SSH session on your console, NetCAT can leak the timing of the event by leaking the arrival time of the corresponding network packet. Now, humans have distinct typing patterns. For example, typing ‘s’ right after ‘a’ is faster than typing ‘g’ after ‘s’. As a result, NetCAT can operate statistical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session.”

Copyright © 2019 IDG Communications, Inc.

Source link

Related Articles

Leave a Comment