Researchers discovered NetCAT attack that can leak data from Intel CPUs

Researchers have discovered a security weakness in the feature that was introduced by the Intel in some of its server processors few years ago to help enhance its performance. It has been found to be capable of monitoring keystrokes across a network and steal sensitive information without using any vicious application. The weakness is in the Data-Direct I/O (DDIO) feature in some Intel Xeon processors and the attack which was reported by researchers from Vrije University in Amsterdam allows them to leak information from the cache of a compromising processor.

The NetCAT (Network Cache Attack) attack can be triggered remotely across a network as it is known and can be used to steal data such as keystrokes in an SSH as they happen. The researchers from VUSec wrote in their explanation of the attack We show that NetCAT can break confidentiality of a SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server,”

How Does the NetCAT Occur:

The vulnerability roots from a new Intel feature called DDIO which aids network devices and other peripherals access to the CPU cache. DDIO was designed with intention to improve optimization in fast networks, it has terrible security implications, discovered by researchers. These threats disclose servers in local unreliable networks to remote side-channel attacks.

Researchers have disclosed how NetCAT can break the confidentiality of SSH sessions from a third machine. Notifiable thing here is that to steal the data, it doesn’t need any vicious software on the remote server since the scammer is doing this by sending network packets to to the remote server. In an interactive SSH session, each time you press a key, network packets are being directly sent.