A new method for extracting information from an Intel CPU has system administrators concerned. Cybersecurity specialists reported the discovery of a new side-channel vulnerability in these devices; unlike other similar flaws, this one can be exploited remotely over the network, so hackers do not require physical access to the device or the installation of any malware variant.
If exploited, this vulnerability, named “Network Cache Attack” (NetCAT), would allow threat actors to remotely access sensitive system data, such as SSH passwords, from the Intel CPU cache.
A team of cybersecurity experts from Vrije University in the Netherlands is responsible for the discovery of NetCAT. In their report, experts mention that the flaw resides in Intel Data-Direct I/O, one of Intel’s system performance optimization features; by default, this feature allows network devices to access the CPU cache.
This feature has been enabled by default on all of the company's server-grade CPUs from the last 8 years, including Intel Xeon E5, E7, and SP. “NetCAT works similarly to another popular side channel failure (Throwhammer), sending specially designed network packets to the target system, which must have Remote Direct Memory Access (RDMA) enabled,” the experts mention.
This feature allows hackers to spy on remote server-side peripheral devices (network cards, for example); with it, attackers can analyze and determine the timing differences between network packets served from the remote processor cache and packets served from memory. “During an interactive SSH session, each time a key is pressed the network packets are transmitted directly. When victims write a character during an encrypted SSH session, using NetCAT hackers can extract the occurrence times of this event by leaking the arrival time of the network packet,” the investigation mentions.
Basically, hackers use a technique known as “Keystroke Timing Attack” to extract what the victim writes in a private SSH session. During testing, cybersecurity experts found that NetCAT is up to 11% less effective than attacks that rely on local access; however, it shows an effectiveness rate of up to 85% in discovering keystroke patterns.
Side-channel attacks have become one of the main threats to companies like Intel and the millions of users of their products. Previously, other NetCAT-like flaws such as Meltdown, Spectre, Foreshadow, and TLBleed have created countless problems for system administrators and the cybersecurity community at large.
After receiving the report on the flaw, Intel released a security alert, although the company maintains that this failure is not serious: more than a vulnerability, it is a partial information leak issue. However, specialists from the International Institute for Cyber Security (IICS) recommend disabling the vulnerable feature to mitigate the risk of exploitation.