New NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal Data

Mussels · Sep 11, 2019

Oof, this one actually sounds like it can do some serious damage out in the wild

mouacyk · Sep 11, 2019

that allows compromised servers in a network to steal data from every other machine on its local network

Sounds like one needed to have a bigger problem in the first place.

londiste · Sep 11, 2019

https://www.vusec.net/projects/netcat/ said:
More precisely, with NetCAT, we can leak the arrival time of the individual network packets from a SSH session using a remote cache side channel. Why is this useful? In an interactive SSH session, every time you press a key, network packets are being directly transmitted. As a result, every time a victim you type a character inside an encrypted SSH session on your console, NetCAT can leak the timing of the event by leaking the arrival time of the corresponding network packet. Now, humans have distinct typing patterns. For example, typing ‘s’ right after ‘a’ is faster than typing ‘g’ after ‘s’. As a result, NetCAT can operate statical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session.

Steevo · Sep 11, 2019

If (insert social media) can tell where I want to eat, where I bank, what kind of car I drive, where I live, know my phone number and much else only a little more info is needed to unlock the rest of who anyone is, and this is that key.

LocutusH · Sep 11, 2019

"AMD EPYC processors don't support DDIO. "

How convenient...

1d10t · Sep 11, 2019

DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache,

To my knowledge, remote session had to pass through BMC and gain elevated privilege within SPI. So either Intel screwed big time with their APM or they didn't have working TPM like EPYC. This is embarrassing to say the least, although with just simple firmwire they can patch it :shadedshu:

londiste · Sep 11, 2019

The attack vector is legitimate and it needs to be plugged but the issue is not as severe or as easy to exploit as demo and description in news implies.

tl;dr
- Attacker and Victim are connected to the same third machine (lets call it server for now). Separate NICs on server, so attacker and victim have no other point of contact.
- Victim has an interactive SSL session (every key press immediately sends a package).
- With some preparation, attacking computer can watch RX Buffer in the server where victim is transferring data to.
- Comparing the times packets were sent by attacker and times packets were detected to be received, attacker can determine when packets were received.
- Next, a good data set and cool algorithm is applied to the packet times (or more precisely inter-packet times) to predict what word was likely typed.

Basically, the information gathered is that there was a package received along with timing.
Busy network would throw some wrenches into this. The victim in the example video uses automated typing based on trained data which makes it a little less impressive.

eidairaman1 · Sep 11, 2019

yoyo2004 said:
This sort of news is getting old

oldtimenoob said:
Here we go again

Jem991 said:
"Security" Not realy

Candor said:
Leadership in vulnerability

delshay said:
I just wish they do these things behind closed doors, ie sent it directly to Intel/AMD to fix because i'm getting bored of this. There's no need for this to be in the public arena.

RichF said:
Consumers shouldn't know about the defects in the products they're sold, eh?

oldtimenoob said:
Maybe some hackers will also now know....

RichF said:
When defects exist in products consumers have their hands on, it should always be assumed that the defects are known.

This should be a basic guiding principle. With transparency comes responsibility.

The notion that various 3rd-parties, various corporations with their particular corporate agendas, various executives with stocks to sell, various controversial agencies, should be able to trump press freedom is odious at best.

Besides, as I noted, consumers have an inherent right to know what it is that they bought. Money is life abstracted. When someone hands over a portion of their life for a product they deserve to know what they gave some of their life to get.

Vinska said:
>We initiated a coordinated disclosure process with Intel and NCSC (the Dutch national CERT) on June 23, 2019. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019.

As always* the vendor was informed way before the public for this exact reason, to evaluate and prepare mitigations.

*'cept that time "they" tried to short-sell AMD ayy lmao

RichF said:
That's debatable.

Personally, I think protecting the public welfare ranks well below some other agendas, when it comes to those managing these matters. Otherwise, transparency, not censorship, would be the method not the objection.

Underlying all of this is the argument that freedom of the press should be suspended whenever there is a security flaw in a product. Unacceptable. People have the right to know what defects are in the products they bought, immediately upon discovery of those defects — not when Google nor any other corporation deigns to tell them — not when people have been able to game the stock market and the PR arena.

delshay said:
As long as it is fixed who cares. If you keep pushing & poking at any hardware long enough you will always find something.

Arc1t3ct said:
Will this nightmare ever end?

Crackong said:
I am NOT surprised

Steevo said:
Lol. When can we assume that Intel threw security out the window to get performance way back when C2D was new and just never bothered to stop and fix it, cause they were the king of performance.

yakk said:
Looks like Intel & Security are a dichotomy at this point

Safe to say anything closed source can have hidden vulnerabilities. This just makes open source keep looking better and better all the time...

Intel sewed bad seed with their bribes/arrogance/ignorance, now they are facing the wrath of their bad crop

GreiverBlade · Sep 11, 2019

"DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache, completely bypassing the a server's RAM, to increase NIC performance and lower latencies. "
ok now we see that all "Intel-exclusive performance enhancement" that give them a "performance edge" over the concurrence are bound to be security vulnerability ....

sooo, basically once patched these "enhancement" (read underhanded tricks) will not be "enhancement" anymore i wonder how much % will they lose this time (ofc for the mass it means literally nothing and the difference is not so much noticeable on a daily use basis .... but still ... )

bottom line ... "if you are faster than your concurrent using exploitable performances enhancement, it would be better to be on the same level as them, be more secure and priced adequately."

"Intel is superior, you get what you pay for, 9900KS king of the desktop, Xeon King of your datacenter, all for the safe data, real world matter!"

GamerGuy · Sep 12, 2019

delshay said:
I just wish they do these things behind closed doors, ie sent it directly to Intel/AMD to fix because i'm getting bored of this. There's no need for this to be in the public arena.

Whoa, isn't this the old Ostrich burying its head in a hole philosophy? Intel/AMD consumers should be made aware of vulnerabilities of their CPU's , which can be exploited, so that they can at least pressure Intel (or AMD for the matter) to ensure that the vulnerabilities are patched.

RichF · Sep 19, 2019

Mysteoa said:
The statement that AMD gave regarding opening sourcing their Security Engine is that it contains license parts and they will get in trouble if they share it.

Londo Mollari's little friend on his shoulder was licensed, too.

remixedcat · Sep 19, 2019

All xeons?

Solaris17 · Sep 19, 2019

remixedcat said:
All xeons?

not all. E5 E7 since v2 by the looks of it.

Intel® Data Direct I/O Technology

Improves system-level I/O performance by re-architecting data to processor cache, increasing bandwidth, and lowering latency and power consumption.

www.intel.com

R-T-B · Sep 19, 2019

oldtimenoob said:
Maybe some hackers will also now know....

The hackers are plenty capable of figuring it out on their own... and no, they don't learn from "youtube vids". :laugh:

This only affects Server chips/chipset combos though. And it's isolated to lan use cases. Low risk factor, IMO.

System Name	Rainbow Sparkles (Power efficient, <350W gaming load)
Processor	Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard	Asus x570-F (BIOS Modded)
Cooling	Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory	2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s)	Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage	2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s)	Phillips 32 32M1N5800A (4k144), LG 32" (4K60) \| Gigabyte G32QC (2k165) \| Phillips 328m6fjrmb (2K144)
Case	Fractal Design R6
Audio Device(s)	Logitech G560 \| Corsair Void pro RGB \|Blue Yeti mic
Power Supply	Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse	Logitech G Pro wireless + Steelseries Prisma XL
Keyboard	Razer Huntsman TE ( Sexy white keycaps)
VR HMD	Oculus Rift S + Quest 2
Software	Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores	Nyooom.

System Name	Gentoo64 /w Cold Coffee
Processor	9900K 5.2GHz @1.312v
Motherboard	MXI APEX
Cooling	Raystorm Pro + 1260mm Super Nova
Memory	2x16GB TridentZ 4000-14-14-28-2T @1.6v
Video Card(s)	RTX 4090 LiquidX Barrow 3015MHz @1.1v
Storage	660P 1TB, 860 QVO 2TB
Display(s)	LG C1 + Predator XB1 QHD
Case	Open Benchtable V2
Audio Device(s)	SB X-Fi
Power Supply	MSI A1000G
Mouse	G502
Keyboard	G815
Software	Gentoo/Windows 10
Benchmark Scores	Always only ever very fast

Processor	Ryzen 7800X3D
Motherboard	ROG STRIX B650E-F GAMING WIFI
Memory	2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s)	INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage	2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s)	42" LG C2 OLED, 27" ASUS PG279Q
Case	Thermaltake Core P5
Power Supply	Fractal Design Ion+ Platinum 760W
Mouse	Corsair Dark Core RGB Pro SE
Keyboard	Corsair K100 RGB
VR HMD	HTC Vive Cosmos

System Name	Compy 386
Processor	7800X3D
Motherboard	Asus
Cooling	Air for now.....
Memory	64 GB DDR5 6400Mhz
Video Card(s)	7900XTX 310 Merc
Storage	Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s)	55" Samsung 4K HDR
Audio Device(s)	ATI HDMI
Mouse	Logitech MX518
Keyboard	Razer
Software	A lot.
Benchmark Scores	Its fast. Enough.

System Name	Ryzen shine, Mr Freeman
Processor	5900X
Motherboard	ASUS X570 Dark Hero
Cooling	Arctic Liquid Freezer III 360 ARGB
Memory	32GB TridentZ Neo 3600 CL14
Video Card(s)	MSI Supreme 4080
Storage	2TB 970 EVO PLUS, 1TB 980
Display(s)	LG OLED 42C3
Case	O11D XL Black
Audio Device(s)	Xonar Essence STU, Mackie MR5+MR10S, HD598
Power Supply	Seasonic Prime Titanium 850W
Mouse	GPW
Keyboard	Epomaker TH96

New NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal Data

Mussels

Freshwater Moderator

mouacyk

londiste

Steevo

LocutusH

1d10t

londiste

eidairaman1

The Exiled Airman

GreiverBlade

GamerGuy

RichF

remixedcat

Solaris17

Super Dainty Moderator

Intel® Data Direct I/O Technology

R-T-B

System Name	Poor Man's PC
Processor	Ryzen 7 7700
Motherboard	MSI B650M Mortar WiFi
Cooling	AMD Wraith Prism
Memory	32GB GSkill Flare X5 DDR5 6000Mhz
Video Card(s)	XFX Merc 310 Radeon RX 7900 XT
Storage	XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320
Display(s)	Xiaomi G Pro 27i MiniLED
Case	Asus A21 Case
Audio Device(s)	MPow Air Wireless + Mi Soundbar
Power Supply	Enermax Revolution DF 650W Gold
Mouse	Logitech MX Anywhere 3
Keyboard	Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers
VR HMD	Meta Quest 2
Benchmark Scores	Who need bench when everything already fast?

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64

System Name	main/SFFHTPCARGH!(tm)/Xiaomi Mi TV Stick/Samsung Galaxy S25/Ally
Processor	Ryzen 7 5800X3D/i7-3770/S905X/Snapdragon 8 Elite/Ryzen Z1 Extreme
Motherboard	MSI MAG B550 Tomahawk/HP SFF Q77 Express/uh?/uh?/Asus
Cooling	Enermax ETS-T50 Axe aRGB /basic HP HSF /errr.../oh! liqui..wait, no:sizable vapor chamber/a nice one
Memory	64gb DDR4 3600/8gb DDR3 1600/2gbLPDDR3/12gbLPDDR5x/16gb(10 sys)LPDDR5 6400
Video Card(s)	Hellhound Spectral White RX 7900 XTX 24gb/GT 730/Mali 450MP5/Adreno 830/Radeon 780M 6gb LPDDR5
Storage	250gb870EVO/500gb860EVO/2tbSandisk/NVMe2tb+1tb/4tbextreme V2/1TB Arion/500gb/8gb/512gb/4tb SN850X
Display(s)	X58222 32" 2880x1620/32"FHDTV/273E3LHSB 27" 1920x1080/6.67"/LTPO AMOLED panel FHD+120hz/7" FHD 120hz
Case	Cougar Panzer Max/Elite 8300 SFF/None/Gorilla Glass Victus 2/front-stock back-JSAUX RGB transparent
Audio Device(s)	Logi Z333/SB Audigy RX/HDMI/HDMI/Dolby Atmos/CVJ NightElf/Moondrop Chu II+BT20S/Nekocake GfL QBZ-191
Power Supply	Chieftec Proton BDF-1000C /HP 240w/12v 1.5A/USAMS GAN PD 33w/USAMS GAN 100w
Mouse	Speedlink Sovos Vertical-Asus ROG Spatha-Logi Ergo M575/Xiaomi XMRM-006/touch/touch
Keyboard	Endorfy Thock 75%/Lofree Edge/none/touch/virtual
VR HMD	Medion Erazer
Software	Win10 64/Win8.1 64/Android TV 8.1/Android 14/Win11 64
Benchmark Scores	bench...mark? i do leave mark on bench sometime, to remember which one is the most comfortable. :o

System Name	DaBeast!!! DaBeast2!!!
Processor	AMD AM4 Ryzen 7 5700X3D 8C/16T/AMD AM4 RYZEN 9 5900X 12C/24T
Motherboard	Gigabyte X570 Aorus Xtreme/Gigabyte X570S Aorus Elite AX
Cooling	Thermaltake Water 3.0 360 AIO/Thermalright PA 120 SE
Memory	2x 16GB Corsair Vengeance RGB RT DDR4 3600C16/2x 16GB Patriot Elite II DDR4 4000MHz
Video Card(s)	XFX MERC 310 RX 7900 XTX 24GB/Sapphire Nitro+ RX 6900 XT 16GB
Storage	500GB Crucial P3 Plus NVMe PCIe 4x4 + 4TB Lexar NM790 NVMe PCIe 4x4 + TG Cardea Zero Z NVMe PCIe 4x4
Display(s)	Samsung LC49HG90DMEX 32:9 144Hz Freesync 2/Acer XR341CK 75Hz 21:9 Freesync
Case	CoolerMaster H500M/SOLDAM XR-1
Audio Device(s)	iFi Micro iDSD BL + Philips Fidelio B97/FostexHP-A4 + LG SP8YA
Power Supply	Corsair HX1000 Platinum/Enermax MAXREVO 1500
Mouse	Logitech G303 Shroud Ed/Logitech G603 WL
Keyboard	Logitech G915/Keychron K2
Software	Win11 Pro/Win11 Pro

System Name	RemixedBeast-NX
Processor	Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard	Dell Inc. 08HPGT (CPU 1)
Cooling	Dell Standard
Memory	24GB ECC
Video Card(s)	Gigabyte Nvidia RTX2060 6GB
Storage	2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s)	Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case	Dell Precision T3600 Chassis
Audio Device(s)	Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply	630w Dell T3600 PSU
Mouse	Logitech G700s/G502
Keyboard	Logitech K740
VR HMD	Linktr.ee/remixedcat // for my music ♡♡
Software	Linux Mint 20
Benchmark Scores	Network: APs: Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P

System Name	RogueOne
Processor	Xeon W9-3495x
Motherboard	ASUS w790E Sage SE
Cooling	SilverStone XE360-4677
Memory	128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s)	MSI SUPRIM Liquid 5090
Storage	1x 2TB WD SN850X \| 2x 8TB GAMMIX S70
Display(s)	49" Philips Evnia OLED (49M2C8900)
Case	Thermaltake Core P3 Pro Snow
Audio Device(s)	Moondrop S8's on Schitt Gunnr
Power Supply	Seasonic Prime TX-1600
Mouse	Razer Viper mini signature edition (mercury white)
Keyboard	Wooting 80 HE White, Gateron Jades
VR HMD	Quest 3
Software	Windows 11 Pro Workstation
Benchmark Scores	I dont have time for that.

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	64GB (2x 32GB) G.Skill Flare X5 @ DDR5-6200(Running 1T no GDM)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise