Unlike the disputes and disparages clogging the working of Intel CPUs in the past, researchers have encountered a severe mistake and gap making Intel open to widespread attacks over the network. What is more dangerous is that an attacker needn’t have any physical access or need to install any malware in the target’s computer but still take away data.
Called NetCAT, short for Network Cache Attack, this network-based crucial vulnerability can allow a remote attacker to scoop off important information from Intel’s CPUs and servers such as SSH passwords from Intel’s CPU cache.
How Dangerous is NetCAT And More About It?
Netcat was discovered by an elite team of security researchers based out of the Vrije University in Amsterdam. The typical vulnerability, tracked as CVE-2019-11184, was contained in a performance optimization feature called Intel’s DDIO—short for Data-Direct I/O—. The main work of DDIO is to grant remote peripherals access to the cache of Intel’s CPU via online network periphery. It comes enabled by default on all Intel server-grade processors from 2012.
According to security personnel, the mode of NetCAT attack is akin to that of Throwhammer. It picks its targets, crafting batches of network packets to the victim computer or station that has a Remote Direct Memory Access (RDMA) feature enabled.
The VUSec team has uploaded a video which demonstrated how the spying on SSH sessions takes place in real-time by multiple server routing. This issue has sent sparks flying inside Intel quarters who accepted the problem and also advised users to either disable DDIO or RDMA. As a safety protocol, it is widely followed that one shouldn’t give access to unknown servers to look into your personal information.
Intel, however, pegged the NetCAT vulnerability to be severely “low.” It thinks that it served as only a partial disclosure of a bug. Moreover, it also awarded a bug bounty gift to the VUSec team for discovering their threat and not sensationalizing it.