Intel CPUs Are At Risk Of Data Leakage After NetCAT Attack

Security researcher keep detecting flaws and vulnerabilities in the system to protect sensitive data. This time researchers have spotted a new type of attack which is used in targeting Intel server-grade CPUs created since 2012. According to the expert report, this attack is based on a vulnerability of Intel processor known as NetCAT (Network Cache Attack). Using this flaw, cyber criminals can attack processor to obtain SSH password and other sensitive data. Really it is a topic of concern because it allow bad actors to collect sensitive data without installing any malicious program on the targeted system. The flaw is also known as CVE-2019-11184 and it reside in optimization feature.

What Is The Main Reason Behind NetCAT?

The vulnerability is related to the recent performance optimization feature of Intel which is known as DDIO. This feature was implemented to give network device access to CPU cache and according to researchers, this feature comes with severe security insinuation. These problem expose Intel servers in untrusted local networks to remote server attacks. As mentioned above, researchers have showed how NetCAT can breach confidentiality of SSH session from a third system. Because the attacker are doing this attack by sending network packets to the remote server, they do not require any malicious software on remote server. Cyber criminals would communicate with the help of RDMA (Remote Direct Memory Access), which allow memory of one system to direct link with another computer.

With the help of this communication, cyber crooks become capable to observe timing of data packets. They can also observe keystroke of user which is being sent into a specific pattern which may disclose sensitive passwords and other data. However, the vulnerability is not easy to expose and to do that attackers need direct network connection to the marked system. They also need to write/read RDMA access on targeted system using DDIO to initiate this attack.

NetCAT Vulnerability : How Attackers Are Utilizing It?

Cyber criminals can repeatedly pull off this surveillance by filling CPUs memory cache with the help of string network packets to targeted server. Once victim send their packet, attackers data comes out of cache because of the incoming traffic. As mentioned above, attackers quickly refill cache, they can sense whether data was present or removed from cache. This can be used to find the time interval between incoming packets of victim including keys pressed by them. However, Intel doesn’t take this vulnerability seriously and according to the chip giant, it is like a fascinating weakness which everyone want to be aware with.

However, Intel has recommended users of CPUs to either disable DDIO or RDMA feature. According to the company, the attack is not so easy but disabling these features will make it more difficult for the cyber criminals. Vulnerabilities in software are one of the most used ways of cyber criminals to attack a system. So the best way to prevent these attack is to keep all the software upto date because chance of flaw increased in outdated software.

Leave a Reply

Your email address will not be published. Required fields are marked *