• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal Data

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
37,384 (8.56/day)
Location
Hyderabad, India
Processor AMD Ryzen 7 2700X
Motherboard MSI B450 Gaming Pro Carbon AC
Cooling AMD Wraith Prism
Memory 2x 16GB Corsair Vengeance LPX DDR4-3000
Video Card(s) AMD Radeon RX 5700 XT
Storage Western Digital Black NVMe 512GB
Display(s) Samsung U28D590 28-inch 4K UHD
Case Corsair Carbide 100R
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Antec EarthWatts Pro Gold 750W
Mouse Razer Abyssus
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro
DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache, completely bypassing the a server's RAM, to increase NIC performance and lower latencies. Cybersecurity researchers from the Vrije Universiteit Amsterdam and ETH Zurich, in a research paper published on Tuesday, have discovered a critical vulnerability with DDIO that allows compromised servers in a network to steal data from every other machine on its local network. This include the ability to obtain keystrokes and other sensitive data flowing through the memory of vulnerable servers. This effect is compounded in data centers that have not just DDIO, but also RDMA (remote direct memory access) enabled, in which a single server can compromise an entire network. RDMA is a key ingredient in shoring up performance in HPCs and supercomputing environments. Intel in its initial response asked customers to disable DDIO and RDMA on machines with access to untrusted networks, while it works on patches.

The NetCAT vulnerability spells big trouble for web hosting providers. If a hacker leases a server in a data-center with RDMA and DDIO enabled, they can compromise other customers' servers and steal their data. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the paper reads. We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse." The team also published a video briefing the nature of NetCAT. AMD EPYC processors don't support DDIO.



The video detailing NetCAT follows.


View at TechPowerUp Main Site
 
Joined
Jan 15, 2015
Messages
330 (0.19/day)
At this point it seems reasonable to assume that Intel's designs are horribly insecure. So, the biggest question seems to be: How insecure are AMD's Zen designs?

Another question is: How fast can a processor be if it's made to be completely secure — or, at least — made with security first and everything else second?

(I also don't like black boxes so it would have to be fully transparent. I don't consider secret piggybacked CPUs to be a recipe for security, so AMD already fails with that. Reportedly, that PSP was stripped for China but who knows what was substituted.)

It would be nice to see VIA step up with a fully-transparent fully-security-minded x86 CPU but it's working for China these days it seems and has never been a high-performance player.
 
Joined
Jan 15, 2015
Messages
330 (0.19/day)
Maybe some hackers will also now know....
When defects exist in products consumers have their hands on, it should always be assumed that the defects are known.

This should be a basic guiding principle. With transparency comes responsibility.

The notion that various 3rd-parties, various corporations with their particular corporate agendas, various executives with stocks to sell, various controversial agencies, should be able to trump press freedom is odious at best.

Besides, as I noted, consumers have an inherent right to know what it is that they bought. Money is life abstracted. When someone hands over a portion of their life for a product they deserve to know what they gave some of their life to get.
 
Joined
Jul 23, 2011
Messages
1,577 (0.53/day)
Location
Kaunas, Lithuania
System Name my box
Processor AMD Ryzen 7 2700X
Motherboard ASRock Taichi x470 Ultimate
Cooling NZXT Kraken x72
Memory 2×16GiB @ 3200MHz, some Corsair RGB led meme crap
Video Card(s) AMD [ASUS ROG STRIX] Radeon RX Vega64 [OC Edition]
Storage Samsung 970 Pro && 2× Seagate IronWolf Pro 4TB in Raid 1
Display(s) Asus VG278H + Asus VH226H
Case Fractal Design Define R6 Black TG
Audio Device(s) Using optical S/PDIF output lol
Power Supply Corsair AX1200i
Mouse Razer Naga Epic
Keyboard Das Keyboard Model S Ultimate
Software Funtoo Linux
Benchmark Scores 118405.21 BogoMIPS
Maybe some hackers will also now know....
>We initiated a coordinated disclosure process with Intel and NCSC (the Dutch national CERT) on June 23, 2019. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019.

As always* the vendor was informed way before the public for this exact reason, to evaluate and prepare mitigations.

*'cept that time "they" tried to short-sell AMD ayy lmao
 
Joined
Jan 15, 2015
Messages
330 (0.19/day)
for this exact reason
That's debatable.

Personally, I think protecting the public welfare ranks well below some other agendas, when it comes to those managing these matters. Otherwise, transparency, not censorship, would be the method not the objection.

Underlying all of this is the argument that freedom of the press should be suspended whenever there is a security flaw in a product. Unacceptable. People have the right to know what defects are in the products they bought, immediately upon discovery of those defects — not when Google nor any other corporation deigns to tell them — not when people have been able to game the stock market and the PR arena.
 
Joined
Jul 23, 2011
Messages
1,577 (0.53/day)
Location
Kaunas, Lithuania
System Name my box
Processor AMD Ryzen 7 2700X
Motherboard ASRock Taichi x470 Ultimate
Cooling NZXT Kraken x72
Memory 2×16GiB @ 3200MHz, some Corsair RGB led meme crap
Video Card(s) AMD [ASUS ROG STRIX] Radeon RX Vega64 [OC Edition]
Storage Samsung 970 Pro && 2× Seagate IronWolf Pro 4TB in Raid 1
Display(s) Asus VG278H + Asus VH226H
Case Fractal Design Define R6 Black TG
Audio Device(s) Using optical S/PDIF output lol
Power Supply Corsair AX1200i
Mouse Razer Naga Epic
Keyboard Das Keyboard Model S Ultimate
Software Funtoo Linux
Benchmark Scores 118405.21 BogoMIPS
That's debatable.
Agree, but in that post I used the "official reasoning" for delayed public disclosure on purpose.
Not trying to bash anyone, but if a person is not yet even aware of the standard practice of delayed public disclosure, no point in delving into the silver lining until they do some more of their own research.
 
Joined
Jan 15, 2015
Messages
330 (0.19/day)
Agree, but in that post I used the "official reasoning" for delayed public disclosure on purpose.
Not trying to bash anyone, but if a person is not yet even aware of the standard practice of delayed public disclosure, no point in delving into the silver lining until they do some more of their own research.
Well, since there is no actual legal basis for it it's not all that surprising that not everyone knows about it.

Ad hoc policies dreamt-up by random megacorps are hardly something that we should consider set in stone.

Of course, someone will respond to my point by advocating a period of martial law whenever there is a security flaw found. :wtf:
 
Joined
May 12, 2017
Messages
543 (0.63/day)
Consumers shouldn't know about the defects in the products they're sold, eh?
As long as it is fixed who cares. If you keep pushing & poking at any hardware long enough you will always find something.
 
Joined
Jan 15, 2015
Messages
330 (0.19/day)
As long as it is fixed who cares. If you keep pushing & poking at any hardware long enough you will always find something.
Takata airbags. Only one in a long long list of reasons why transparency is always the better policy.

Besides, "you will always find something" is a tangent. I have been discussing disclosure, not how easy it is to find the flaws. Debating the process involved in finding the flaws is a worthwhile thing but it's a separate issue entirely.
 
Last edited:
Joined
Nov 4, 2005
Messages
10,380 (2.05/day)
System Name MoFo 2
Processor AMD PhenomII 1100T @ 4.2Ghz
Motherboard Asus Crosshair IV
Cooling Swiftec 655 pump, Apogee GT,, MCR360mm Rad, 1/2 loop.
Memory 8GB DDR3-2133 @ 1900 8.9.9.24 1T
Video Card(s) HD7970 1250/1750
Storage Agility 3 SSD 6TB RAID 0 on RAID Card
Display(s) 46" 1080P Toshiba LCD
Case Rosewill R6A34-BK modded (thanks to MKmods)
Audio Device(s) ATI HDMI
Power Supply 750W PC Power & Cooling modded (thanks to MKmods)
Software A lot.
Benchmark Scores Its fast. Enough.
Lol. When can we assume that Intel threw security out the window to get performance way back when C2D was new and just never bothered to stop and fix it, cause they were the king of performance.
 
Joined
Dec 28, 2012
Messages
1,207 (0.49/day)
Thank you. & if the fix takes too long who knows what damage has already been done. Anyone can become a hacker with-in weeks, just look at Youtube videos, it's scary.
If you think transparency will lead to hackers getting the best of you via YouTube training, you probably should be using a modern PC. Have you considered Etch-a-sketch?

Always assume hacking groups already know about a vulnerability. And dont hide vulnerabilities. If you hide one and it leaks out after being abused, you are in for a world of hurt.
 
Joined
Aug 23, 2013
Messages
105 (0.05/day)
(I also don't like black boxes so it would have to be fully transparent. I don't consider secret piggybacked CPUs to be a recipe for security, so AMD already fails with that. Reportedly, that PSP was stripped for China but who knows what was substituted.)
The statement that AMD gave regarding opening sourcing their Security Engine is that it contains license parts and they will get in trouble if they share it.
 
Joined
Mar 7, 2010
Messages
481 (0.14/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 1700 @ 4.00
Motherboard AsRock X370 Killer SLI/ac
Cooling Corsair H110i
Memory 16 GIG GSKILL Ripjaw @ 2400
Video Card(s) Gigabyte GTX 1070 G1
Storage Crucial M.2 250 Samsung 840 EVO 250-Samsung 850 Pro-WD 1 TB
Display(s) LG 27
Case NZXT
Audio Device(s) N/A
Power Supply EVGA 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Home
I just wish they do these things behind closed doors, ie sent it directly to Intel/AMD to fix because i'm getting bored of this. There's no need for this to be in the public arena.
I think we have a right to know how vulnerable things can be, especially on server chips.
The Intel fan babies won't like this :roll:
 
Joined
Jun 28, 2015
Messages
674 (0.44/day)
Looks like Intel & Security are a dichotomy at this point :slap:

Safe to say anything closed source can have hidden vulnerabilities. This just makes open source keep looking better and better all the time...
 
Top