Wednesday, September 11th 2019
New NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal Data
DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache, completely bypassing the a server's RAM, to increase NIC performance and lower latencies. Cybersecurity researchers from the Vrije Universiteit Amsterdam and ETH Zurich, in a research paper published on Tuesday, have discovered a critical vulnerability with DDIO that allows compromised servers in a network to steal data from every other machine on its local network. This include the ability to obtain keystrokes and other sensitive data flowing through the memory of vulnerable servers. This effect is compounded in data centers that have not just DDIO, but also RDMA (remote direct memory access) enabled, in which a single server can compromise an entire network. RDMA is a key ingredient in shoring up performance in HPCs and supercomputing environments. Intel in its initial response asked customers to disable DDIO and RDMA on machines with access to untrusted networks, while it works on patches.
The NetCAT vulnerability spells big trouble for web hosting providers. If a hacker leases a server in a data-center with RDMA and DDIO enabled, they can compromise other customers' servers and steal their data. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the paper reads. We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse." The team also published a video briefing the nature of NetCAT. AMD EPYC processors don't support DDIO.
The video detailing NetCAT follows.
Source:
Arstechnica
The NetCAT vulnerability spells big trouble for web hosting providers. If a hacker leases a server in a data-center with RDMA and DDIO enabled, they can compromise other customers' servers and steal their data. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the paper reads. We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse." The team also published a video briefing the nature of NetCAT. AMD EPYC processors don't support DDIO.
38 Comments on New NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal Data
Another question is: How fast can a processor be if it's made to be completely secure — or, at least — made with security first and everything else second?
(I also don't like black boxes so it would have to be fully transparent. I don't consider secret piggybacked CPUs to be a recipe for security, so AMD already fails with that. Reportedly, that PSP was stripped for China but who knows what was substituted.)
It would be nice to see VIA step up with a fully-transparent fully-security-minded x86 CPU but it's working for China these days it seems and has never been a high-performance player.
This should be a basic guiding principle. With transparency comes responsibility.
The notion that various 3rd-parties, various corporations with their particular corporate agendas, various executives with stocks to sell, various controversial agencies, should be able to trump press freedom is odious at best.
Besides, as I noted, consumers have an inherent right to know what it is that they bought. Money is life abstracted. When someone hands over a portion of their life for a product they deserve to know what they gave some of their life to get.
As always* the vendor was informed way before the public for this exact reason, to evaluate and prepare mitigations.
*'cept that time "they" tried to short-sell AMD ayy lmao
Personally, I think protecting the public welfare ranks well below some other agendas, when it comes to those managing these matters. Otherwise, transparency, not censorship, would be the method not the objection.
Underlying all of this is the argument that freedom of the press should be suspended whenever there is a security flaw in a product. Unacceptable. People have the right to know what defects are in the products they bought, immediately upon discovery of those defects — not when Google nor any other corporation deigns to tell them — not when people have been able to game the stock market and the PR arena.
Not trying to bash anyone, but if a person is not yet even aware of the standard practice of delayed public disclosure, no point in delving into the silver lining until they do some more of their own research.
Ad hoc policies dreamt-up by random megacorps are hardly something that we should consider set in stone.
Of course, someone will respond to my point by advocating a period of martial law whenever there is a security flaw found. :wtf:
Besides, "you will always find something" is a tangent. I have been discussing disclosure, not how easy it is to find the flaws. Debating the process involved in finding the flaws is a worthwhile thing but it's a separate issue entirely.
Always assume hacking groups already know about a vulnerability. And dont hide vulnerabilities. If you hide one and it leaks out after being abused, you are in for a world of hurt.
The Intel fan babies won't like this :roll:
It's the 3rd time lately when intel tries to cheat on performance by ignoring security and they get burned for it.
Safe to say anything closed source can have hidden vulnerabilities. This just makes open source keep looking better and better all the time...