Intel Server-Grade CPUs Plagued by New Side-Channel Attack, NetCAT

[Tsing]

The hits keep coming for Intel. An advisory was released on Tuesday warning of a new exploit called NetCAT, which allows "bad actors to sniff out encrypted passwords as they are being typed into a secure shell session (SSH)." All modern Intel server CPUs made since 2012 are affected.

The vulnerability stems from the company's Data-Direct I/O (DDIO) Technology, which is meant to improve performance by allowing Ethernet controllers/adapters to talk directly with Xeon processors. AMD chips are not affected.

Targeting DDIO, an attacker could uncover the arrival time of individual network packets from an SSH session, using a remote cache side channel – thus obtaining sensitive information from the cache of the impacted application server.

 

[Azrak]

new exploit called NetCAT, which allows "bad actors to sniff out encrypted passwords as they are being typed into a secure shell session (SSH)."

No, they can get timing of network packet arrival, which could help determine what keys a user typed, but it's still guessing. There are no direct leaks of data, nor a way to see passwords or keys being typed. Just timing data. Sure, they can analyze that with AI and try to figure out what the user was typing. Maybe.

From the article:

“In scenarios where Intel DDIO and RDMA are enabled, strong security controls on a secured network are required, as a malicious actor would need to have read/write RDMA access on a target machine using Intel DDIO to use this exploit,” Intel said.

These attacks are getting more and more ridiculous now. But the researchers were paid $2K for the report. This is the thing.. as long as money is involved, people will find ways to try and make more of it. These researchers (and others) will continue to go further and further down the rabbit hole until either the money runs out or the vulnerabilities are no longer really relevant (how far can we stretch this one?) and Intel (or whoever is managing the payouts) stops paying for finding security issues.

The bottom line is that the odds of being affected by this are less than getting hit by lightning.

 

[AntiQuark]

Bzzzzt!!! Ow!

 

[DrezKill]

Another day, another Intel vulnerability.