A new method for extracting information from an Intel CPU has system administrators concerned. Cybersecurity specialists reported the discovery of a new side channel vulnerability in these devices; unlike other similar flaws, this one can be exploited remotely over the network, so hackers do not require physical access to the device or the installation of any malware variant.
If exploited, this vulnerability, named
“Network Cache Attack” (NetCAT), would allow threat actors to
remotely access sensitive system data, such as SSH passwords, from the Intel
A team of cybersecurity experts from Vrije
University in the Netherlands is responsible for the discovery of NetCAT. In
their report, experts mention that the flaw resides in Intel Data-Direct I/O,
one of Intel’s system performance optimization features; by default, this
feature allows network devices to access the CPU cache.
This feature has been enabled by default on all of the company's
server-grade CPUs for the last 8 years, including Intel Xeon E5, E7, and SP.
“NetCAT works similarly to another popular side channel failure
(Throwhammer), sending specially designed network packets to the target system,
which must have Remote Direct Memory Access (RDMA) enabled,” the experts
This feature allows hackers to spy on remote
server-side peripheral devices (network cards, for example); this lets
attackers analyze and determine the timing differences between network
packets served from the remote processor cache and packets served from memory.
“During an interactive SSH session, each time a key is pressed the network
packets are transmitted directly. When victims write a character during an
encrypted SSH session, using NetCAT hackers can extract the occurrence times of
this event by leaking the arrival time of the network packet”, mentioned
in the investigation.
Basically, hackers use a technique known as
“Keystroke Timing Attack” to extract what the victim writes in a
private SSH session. During testing, cybersecurity experts found that NetCAT is
up to 11% less effective than attacks that rely on local access; however, it
shows an effectiveness rate of up to 85% in discovering keystroke patterns.
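As an added illustration (not code from the researchers or from this article), the sketch below uses constructed arrival times to show why one-packet-per-keystroke traffic exposes typing rhythm, and how a constant-rate sender with dummy packets flattens it. That countermeasure is a general one assumed here rather than described in the article, and the function names and the 50 ms tick are hypothetical.

```python
# Constructed sample: packet arrival times (ms) as seen by a timing observer
# during an interactive SSH session, one packet per keystroke.
RAW_ARRIVALS_MS = [0, 95, 310, 385, 640, 720]


def inter_arrival(times_ms):
    """Gaps between consecutive packets: the signal a timing observer gets."""
    return [b - a for a, b in zip(times_ms, times_ms[1:])]


def timing_spread(times_ms):
    """Range of the inter-arrival gaps; 0 means the rhythm is not visible."""
    gaps = inter_arrival(times_ms)
    return max(gaps) - min(gaps)


def constant_rate_schedule(keystrokes_ms, tick_ms):
    """Hypothetical sender that emits exactly one packet on every tick.

    A keystroke waits for the next tick; a tick with nothing to send carries
    a dummy packet. Assumption: dummy and real packets look identical on the
    wire (same size, both encrypted). Returns (send_time_ms, is_real) pairs.
    """
    pending = sorted(keystrokes_ms)
    schedule, t, i = [], 0, 0
    while i < len(pending):
        t += tick_ms
        is_real = pending[i] <= t  # at most one real keystroke per tick
        if is_real:
            i += 1
        schedule.append((t, is_real))
    return schedule


if __name__ == "__main__":
    print("raw gaps (ms):   ", inter_arrival(RAW_ARRIVALS_MS))
    padded = constant_rate_schedule(RAW_ARRIVALS_MS, tick_ms=50)
    sent = [t for t, _ in padded]
    print("padded gaps (ms):", inter_arrival(sent))
    print("spread raw/padded:", timing_spread(RAW_ARRIVALS_MS), timing_spread(sent))
    print("packets sent:", len(sent), "of which real:", sum(r for _, r in padded))
```

The cost of the flat profile is visible in the last line of output: more packets on the wire and up to one tick of added latency per keystroke.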
Side channel attacks have become one of the
main threats to companies like Intel and the millions of users of their
products. Previously, other NetCAT-like flaws such as Meltdown, Spectre,
Foreshadow, and TLBleed have created countless problems for system
administrators and the cybersecurity community at large.
After receiving the report on the flaw, Intel
released a security alert, although the company maintains that the issue is not
serious because it is a partial information leak rather than a vulnerability. However,
specialists from the International Institute for Cyber Security (IICS)
recommend disabling the vulnerable feature to mitigate the risk of