New NetCAT vulnerability exploits DDIO on Intel Xeon processors to steal data



DDIO, or Data Direct I/O, is an Intel-only performance feature that lets a NIC read and write the processor's L3 (last-level) cache directly, bypassing the server's RAM, to raise NIC throughput and lower latency. Security researchers from Vrije Universiteit Amsterdam and ETH Zurich, in a research paper published on Tuesday, describe a vulnerability in DDIO that allows a compromised server to spy on other machines on its local network. This includes the ability to infer keystrokes (the researchers demonstrate recovering the timing of keystrokes typed into an SSH session) and other sensitive data flowing through the memory of vulnerable servers. The effect is compounded in data centers that enable not just DDIO but also RDMA (remote direct memory access), where a single server can spy on an entire network. RDMA is a key ingredient in the performance of HPC and supercomputing environments. In its initial response, Intel asked customers to disable DDIO and RDMA on machines with access to untrusted networks while it works on patches.
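The mechanism that makes NIC traffic observable is easiest to see in a model. The following is an added, simplified Python simulation (not code from the paper or from Intel) of a single last-level cache set shared between the CPU and a NIC: the NIC's DDIO writes allocate directly in the cache but only into a small subset of ways, so an attacker who has "primed" the set with its own lines sees some of them evicted whenever a packet arrives. The way count (11) and DDIO way limit (2) are assumptions chosen for illustration, the replacement policy is plain LRU, and the network timing measurement that NetCAT performs over RDMA is abstracted to a hit/miss count.

```python
"""Prime+Probe against a DDIO-shared LLC set (simplified model, not the NetCAT code)."""


class LLCSet:
    """One set of an inclusive last-level cache with LRU replacement.

    The NIC (via DDIO) may only allocate into the first `ddio_ways` ways; the CPU
    may allocate anywhere. Both numbers are assumed for illustration.
    """

    def __init__(self, ways=11, ddio_ways=2):
        self.slots = [None] * ways          # tag held by each way (None = empty)
        self.lru = [0] * ways               # last-access timestamp per way
        self.ddio_ways = range(ddio_ways)   # ways the NIC is allowed to write into
        self.tick = 0

    def _touch(self, way, tag):
        self.tick += 1
        self.slots[way] = tag
        self.lru[way] = self.tick

    def _victim(self, candidates):
        # Prefer an empty way; otherwise evict the least recently used candidate.
        for w in candidates:
            if self.slots[w] is None:
                return w
        return min(candidates, key=lambda w: self.lru[w])

    def cpu_access(self, tag):
        """CPU load of `tag`: returns True on hit, False on miss (allocates in any way)."""
        if tag in self.slots:
            self._touch(self.slots.index(tag), tag)
            return True
        self._touch(self._victim(range(len(self.slots))), tag)
        return False

    def nic_write(self, tag):
        """DDIO write from the NIC: lands in the LLC, restricted to the DDIO ways."""
        if tag in self.slots:
            self._touch(self.slots.index(tag), tag)
            return
        self._touch(self._victim(self.ddio_ways), tag)


def prime(cache, n_lines):
    """Attacker fills every way of the set with its own eviction-set lines."""
    for i in range(n_lines):
        cache.cpu_access(("attacker", i))


def probe(cache, n_lines):
    """Attacker re-reads its lines and counts misses (lines evicted since prime).

    Probing in reverse order matters under LRU: re-touching the most recently
    primed lines first keeps a single miss from cascading through the set.
    """
    misses = 0
    for i in reversed(range(n_lines)):
        if not cache.cpu_access(("attacker", i)):
            misses += 1
    return misses


def run_scenario(packets, ways=11, ddio_ways=2):
    """Prime the set, let the NIC receive `packets` DDIO writes, then probe.

    Returns the number of attacker lines evicted. With zero packets it is 0;
    each packet evicts one more attacker line, saturating at `ddio_ways`
    because the NIC can only recycle its own limited ways.
    """
    cache = LLCSet(ways, ddio_ways)
    prime(cache, ways)
    for n in range(packets):                 # constructed "incoming packets"
        cache.nic_write(("packet", n))
    return probe(cache, ways)


if __name__ == "__main__":
    for n in (0, 1, 2, 5):
        print(f"{n} packet(s) -> {run_scenario(n)} attacker line(s) evicted")
```

The saturation at two evictions is the point of the restricted DDIO way mask: it limits how much of the cache the NIC can churn, but it does not stop a local or (over RDMA) remote attacker from noticing that a packet arrived, which is the signal NetCAT turns into keystroke timing.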

The NetCAT vulnerability creates serious problems for web hosting providers. If an attacker rents a server in a data center with RDMA and DDIO enabled, they can compromise other customers' servers and steal their data. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the paper says. "We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse." The team has also released a video explaining the nature of NetCAT. AMD EPYC processors do not support DDIO. A video with details on NetCAT follows.


Source: Ars Technica