Researchers at the Vrije Universiteit Amsterdam published a report this Wednesday (September 10) describing a potential security vulnerability in Intel's server CPUs, which they call NetCat.
The vulnerability relies on two technologies in Intel server CPUs: Data-Direct I/O (DDIO) and Remote Direct Memory Access (RDMA). By mounting a side-channel attack, an attacker can infer what the CPU is currently doing. According to the researchers, AMD's CPUs are not affected by the vulnerability.
Intel stated in a security bulletin that NetCat affects server CPUs that support DDIO and RDMA, such as E5, E7, and Scalable (SP) CPUs. A low-level problem in DDIO is the root cause of the side-channel attack, and DDIO has been enabled by default on Xeon CPUs since 2012. A researcher at the Vrije Universiteit Amsterdam said that RDMA allows hackers to "precisely control the relative memory location of network packets on the target server."
NetCat can remotely leak keystrokes in SSH sessions
The researcher also said that the vulnerability means untrusted devices on the network can now leak sensitive information, such as keystrokes in a Secure Shell (SSH) session, from a remote server without obtaining local access rights. Currently, the only way to prevent these attacks is to turn DDIO off completely. Turning off RDMA does not completely prevent these attacks, but it at least helps those who are unwilling to give up DDIO.
Intel also stated in the same security bulletin that people using Xeon CPUs should "restrict the direct access to untrusted devices" and use software modules written in "constant-time style code" that can resist timing attacks. The researchers at the Vrije Universiteit Amsterdam said that these software modules are not able to resist NetCat, but theoretically they can prevent similar attacks in the future. So the best solution is still to turn off DDIO.
The researchers reported the NetCat vulnerability to Intel and the Dutch National Cyber Security Center on June 23 and received a bounty for it. They also coordinated the publication date of the vulnerability with Intel.