• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New NetCAT Vulnerability Exploits DDIO on Intel Xeon Processors to Steal Data

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,300 (7.52/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache, completely bypassing the a server's RAM, to increase NIC performance and lower latencies. Cybersecurity researchers from the Vrije Universiteit Amsterdam and ETH Zurich, in a research paper published on Tuesday, have discovered a critical vulnerability with DDIO that allows compromised servers in a network to steal data from every other machine on its local network. This include the ability to obtain keystrokes and other sensitive data flowing through the memory of vulnerable servers. This effect is compounded in data centers that have not just DDIO, but also RDMA (remote direct memory access) enabled, in which a single server can compromise an entire network. RDMA is a key ingredient in shoring up performance in HPCs and supercomputing environments. Intel in its initial response asked customers to disable DDIO and RDMA on machines with access to untrusted networks, while it works on patches.

The NetCAT vulnerability spells big trouble for web hosting providers. If a hacker leases a server in a data-center with RDMA and DDIO enabled, they can compromise other customers' servers and steal their data. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the paper reads. We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse." The team also published a video briefing the nature of NetCAT. AMD EPYC processors don't support DDIO.



The video detailing NetCAT follows.


View at TechPowerUp Main Site
 
Joined
Jul 3, 2018
Messages
229 (0.10/day)
Location
Australia
Processor Intel Core i7-13700KF
Motherboard GIGABYTE Z690 AORUS ELITE
Cooling Dark Rock Pro 4
Memory G.Skill Ripjaws DDR4-4000 32GB (4x8GB)
Video Card(s) ASUS TUF Gaming Radeon RX 7900 XT OC Edition 20GB GDDR6
Storage Various
Display(s) GIGABYTE M32U 4K 144hz
Audio Device(s) External Amp
Software KDE Neon
Joined
Jan 15, 2015
Messages
362 (0.10/day)
At this point it seems reasonable to assume that Intel's designs are horribly insecure. So, the biggest question seems to be: How insecure are AMD's Zen designs?

Another question is: How fast can a processor be if it's made to be completely secure — or, at least — made with security first and everything else second?

(I also don't like black boxes so it would have to be fully transparent. I don't consider secret piggybacked CPUs to be a recipe for security, so AMD already fails with that. Reportedly, that PSP was stripped for China but who knows what was substituted.)

It would be nice to see VIA step up with a fully-transparent fully-security-minded x86 CPU but it's working for China these days it seems and has never been a high-performance player.
 
Joined
Jan 15, 2015
Messages
362 (0.10/day)
Maybe some hackers will also now know....
When defects exist in products consumers have their hands on, it should always be assumed that the defects are known.

This should be a basic guiding principle. With transparency comes responsibility.

The notion that various 3rd-parties, various corporations with their particular corporate agendas, various executives with stocks to sell, various controversial agencies, should be able to trump press freedom is odious at best.

Besides, as I noted, consumers have an inherent right to know what it is that they bought. Money is life abstracted. When someone hands over a portion of their life for a product they deserve to know what they gave some of their life to get.
 
Joined
Jul 23, 2011
Messages
1,586 (0.32/day)
Location
Kaunas, Lithuania
System Name my box
Processor AMD Ryzen 9 5950X
Motherboard ASRock Taichi x470 Ultimate
Cooling NZXT Kraken x72
Memory 2×16GiB @ 3200MHz, some Corsair RGB led meme crap
Video Card(s) AMD [ASUS ROG STRIX] Radeon RX Vega64 [OC Edition]
Storage Samsung 970 Pro && 2× Seagate IronWolf Pro 4TB in Raid 1
Display(s) Asus VG278H + Asus VH226H
Case Fractal Design Define R6 Black TG
Audio Device(s) Using optical S/PDIF output lol
Power Supply Corsair AX1200i
Mouse Razer Naga Epic
Keyboard Keychron Q1
Software Funtoo Linux
Benchmark Scores 217634.24 BogoMIPS
Maybe some hackers will also now know....
>We initiated a coordinated disclosure process with Intel and NCSC (the Dutch national CERT) on June 23, 2019. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019.

As always* the vendor was informed way before the public for this exact reason, to evaluate and prepare mitigations.

*'cept that time "they" tried to short-sell AMD ayy lmao
 
Joined
Jan 15, 2015
Messages
362 (0.10/day)
for this exact reason
That's debatable.

Personally, I think protecting the public welfare ranks well below some other agendas, when it comes to those managing these matters. Otherwise, transparency, not censorship, would be the method not the objection.

Underlying all of this is the argument that freedom of the press should be suspended whenever there is a security flaw in a product. Unacceptable. People have the right to know what defects are in the products they bought, immediately upon discovery of those defects — not when Google nor any other corporation deigns to tell them — not when people have been able to game the stock market and the PR arena.
 
Joined
Jul 23, 2011
Messages
1,586 (0.32/day)
Location
Kaunas, Lithuania
System Name my box
Processor AMD Ryzen 9 5950X
Motherboard ASRock Taichi x470 Ultimate
Cooling NZXT Kraken x72
Memory 2×16GiB @ 3200MHz, some Corsair RGB led meme crap
Video Card(s) AMD [ASUS ROG STRIX] Radeon RX Vega64 [OC Edition]
Storage Samsung 970 Pro && 2× Seagate IronWolf Pro 4TB in Raid 1
Display(s) Asus VG278H + Asus VH226H
Case Fractal Design Define R6 Black TG
Audio Device(s) Using optical S/PDIF output lol
Power Supply Corsair AX1200i
Mouse Razer Naga Epic
Keyboard Keychron Q1
Software Funtoo Linux
Benchmark Scores 217634.24 BogoMIPS
That's debatable.

Agree, but in that post I used the "official reasoning" for delayed public disclosure on purpose.
Not trying to bash anyone, but if a person is not yet even aware of the standard practice of delayed public disclosure, no point in delving into the silver lining until they do some more of their own research.
 
Joined
Jan 15, 2015
Messages
362 (0.10/day)
Agree, but in that post I used the "official reasoning" for delayed public disclosure on purpose.
Not trying to bash anyone, but if a person is not yet even aware of the standard practice of delayed public disclosure, no point in delving into the silver lining until they do some more of their own research.
Well, since there is no actual legal basis for it it's not all that surprising that not everyone knows about it.

Ad hoc policies dreamt-up by random megacorps are hardly something that we should consider set in stone.

Of course, someone will respond to my point by advocating a period of martial law whenever there is a security flaw found. :wtf:
 
Joined
May 12, 2017
Messages
2,207 (0.79/day)
Consumers shouldn't know about the defects in the products they're sold, eh?

As long as it is fixed who cares. If you keep pushing & poking at any hardware long enough you will always find something.
 
Joined
Jan 15, 2015
Messages
362 (0.10/day)
As long as it is fixed who cares. If you keep pushing & poking at any hardware long enough you will always find something.
Takata airbags. Only one in a long long list of reasons why transparency is always the better policy.

Besides, "you will always find something" is a tangent. I have been discussing disclosure, not how easy it is to find the flaws. Debating the process involved in finding the flaws is a worthwhile thing but it's a separate issue entirely.
 
Last edited:
Joined
Feb 15, 2019
Messages
1,666 (0.78/day)
System Name Personal Gaming Rig
Processor Ryzen 7800X3D
Motherboard MSI X670E Carbon
Cooling MO-RA 3 420
Memory 32GB 6000MHz
Video Card(s) RTX 4090 ICHILL FROSTBITE ULTRA
Storage 4x 2TB Nvme
Display(s) Samsung G8 OLED
Case Silverstone FT04
I am NOT surprised
 
Joined
Nov 4, 2005
Messages
12,014 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Lol. When can we assume that Intel threw security out the window to get performance way back when C2D was new and just never bothered to stop and fix it, cause they were the king of performance.
 
Joined
Dec 28, 2012
Messages
3,956 (0.90/day)
System Name Skunkworks 3.0
Processor 5800x3d
Motherboard x570 unify
Cooling Noctua NH-U12A
Memory 32GB 3600 mhz
Video Card(s) asrock 6800xt challenger D
Storage Sabarent rocket 4.0 2TB, MX 500 2TB
Display(s) Asus 1440p144 27"
Case Old arse cooler master 932
Power Supply Corsair 1200w platinum
Mouse *squeak*
Keyboard Some old office thing
Software Manjaro
Thank you. & if the fix takes too long who knows what damage has already been done. Anyone can become a hacker with-in weeks, just look at Youtube videos, it's scary.
If you think transparency will lead to hackers getting the best of you via YouTube training, you probably should be using a modern PC. Have you considered Etch-a-sketch?

Always assume hacking groups already know about a vulnerability. And dont hide vulnerabilities. If you hide one and it leaks out after being abused, you are in for a world of hurt.
 
Joined
Aug 23, 2013
Messages
471 (0.11/day)
(I also don't like black boxes so it would have to be fully transparent. I don't consider secret piggybacked CPUs to be a recipe for security, so AMD already fails with that. Reportedly, that PSP was stripped for China but who knows what was substituted.)

The statement that AMD gave regarding opening sourcing their Security Engine is that it contains license parts and they will get in trouble if they share it.
 
Joined
Mar 7, 2010
Messages
993 (0.18/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 3900x
Motherboard AsRock X570 Taichi
Cooling Enermax LIQMAX III 360
Memory 32 GiG Team Group B Die 3600
Video Card(s) Powercolor 5700 xt Red Devil
Storage Crucial MX 500 SSD and Intel P660 NVME 2TB for games
Display(s) Acer 144htz 27in. 2560x1440
Case Phanteks P600S
Audio Device(s) N/A
Power Supply Corsair RM 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Pro
I just wish they do these things behind closed doors, ie sent it directly to Intel/AMD to fix because i'm getting bored of this. There's no need for this to be in the public arena.

I think we have a right to know how vulnerable things can be, especially on server chips.
The Intel fan babies won't like this :roll:
 
D

Deleted member 158293

Guest
Looks like Intel & Security are a dichotomy at this point :slap:

Safe to say anything closed source can have hidden vulnerabilities. This just makes open source keep looking better and better all the time...
 
Top