Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: The attacker doesn’t need to have local access on the targeted machine because the attack works over the network.
The culprit is Intel’s Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor’s internal cache to achieve better performance, less power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck.
DDIO was designed with ethernet controllers and fast datacenter networks in mind to allow servers to handle 10-gigabit ethernet (10 GbE) connections and higher. The technology was first introduced in 2011 in the Intel Xeon E5 and Intel Xeon E7 v2 enterprise-level processor families.
CPU attacks like Spectre and Meltdown and their many variants have used the CPU cache as a side-channel to infer sensitive data. Researchers from the VUSec group at Vrije Universiteit Amsterdam have now shown that DDIO’s cache access can be exploited in a similar manner.
In a new paper released today, the researchers described an attacked dubbed NetCAT which abuses DDIO over the network to monitor access times in the CPU cache triggered by other clients connected to the same server over SSH (Secure Shell). By using a machine learning algorithm, they were then able to infer the keystrokes transmitted over the connection by analyzing the time information in the CPU cache region used by the server’s network card.
“In an interactive SSH session, every time you press a key, network packets are being directly transmitted. As a result, every time you type a character inside an encrypted SSH session on your console, NetCAT can leak the timing of the event by leaking the arrival time of the corresponding network packet. Now, humans have distinct typing patterns. For example, typing ‘s’ right after ‘a’ is faster than typing ‘g’ after ‘s’. As a result, NetCAT can operate statistical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session.”
First remote side-channel attack
This means that with a direct network connection to the server, an attacker can leak potentially sensitive information about other clients connected to the same server, making it the first time when a CPU side-channel attack has been demonstrated to work remotely instead of locally.
Intel awarded a bounty for the vulnerability but assigned a low severity score to it — 2.6 out of 10 on the CVSS scale.
“In scenarios where DDIO and RDMA are enabled, strong security controls on a secured network are required as an attacker would need to have read and write RDMA access on a target machine using DDIO,” the company said on its website. “In the complex scenarios where DDIO and RDMA are typically used, such as massively parallel computing clusters, the access an attacker would need would be uncommon.”
The researchers disagreed to some extent on the rarity of the exploitation conditions cited by Intel. They told CSO that they used Remote Direct Memory Access (RDMA) for this attack because it was easier, but that there are probably ways to exploit DDIO without it.
NetCAT is just the first crack in the dam and future research will likely uncover additional and improved attack methods, as it has happened with other attacks in the past, they said.
Mitigation limited and impractical
They feel that like most vendors, Intel’s response focuses on the exploit reported to them rather than the root cause vulnerability, which is DDIO itself. Short of disabling this feature, which can have a significant performance impact, server owners can’t do much to mitigate the problem.
“Where DDIO and RDMA are enabled, limit direct access from untrusted networks,” Intel said in an advisory. “The use of software modules resistant to timing attacks, using constant-time style code.”
The problem is that following these recommendations might not be viable in practice for many deployments. For example, servers that need to have a direct connection to the internet are available to untrusted networks by default.
Also, achieving constant time in the context of cache access implies that the code should talk to the CPU even when it doesn’t technically need to, so that the access time doesn’t variate and doesn’t reveal anything to an attacker. However, that is very expensive for performance, the researchers tell CSO.
The NetCAT attack targets SSH because it generates new packets for every keystroke, making it an obvious target. However, there might be other vulnerable applications and potential attack scenarios that have yet to be discovered.
The VUSec researchers are confident that just as we’ve seen with Meltdown, Spectre, Rowhammer and other flaws that stem from hardware design decisions, we will see more DDIO attack variants.