Intel: SSH-stealing NetCAT bug not really a problem
There’s another vulnerability in Intel chips, with another catchy name: NetCAT. The researchers who discovered it say that attackers could use it to find out what other users on a server are typing. Don’t recoil in horror yet, though: exploiting it would be a challenge.
The attack revolves around a technology called Data Direct I/O (DDIO). Intel has embedded it in all its server processors since 2012, and turned it on by default. It writes data from peripherals directly into the server CPU’s cache memory, bypassing system RAM to speed up processor communications in latency-sensitive applications.
According to the research from scientists at VU Amsterdam, a weakness in the technology means that an attacker can indirectly snoop on what others are typing in secure shell (SSH) sessions. SSH is an encrypted telnet replacement that lets people log into servers using a command-line interface.
When another user types a character in an SSH session, it goes directly to the server in a network packet, dislodging a piece of data in the server cache. The attacker can watch that happening.
Now, here’s the part that takes us into Hollywood movie territory. A hacker wouldn’t be able to read the characters that you type directly. Instead, they’d have to time the replacement of the data to work out the time between the user’s keystrokes. Then, they’d have to guess at the words you’re typing by analysing keyword patterns. The researchers said:
… humans have distinct typing patterns. For example, typing ‘s’ right after ‘a’ is faster than typing ‘g’ after ‘s’. As a result, NetCAT can operate statistical analysis of the inter-arrival timings of packets in what is known as a keystroke timing attack to leak what you type in your private SSH session.
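The timing signal described in the quote, and the effect of a fixed-rate sender on it, as an added example (not code from the researchers or Intel). The digraph latencies are constructed values, and the padded fixed-rate sender is an assumed mitigation that this article does not discuss.

```python
import math

# Constructed digraph latencies in ms (illustrative values, not measurements).
# They mirror the quoted claim: 's' after 'a' is faster than 'g' after 's'.
DIGRAPH_MS = {("a", "s"): 95, ("s", "g"): 210}
DEFAULT_MS = 150  # assumed latency for any other key pair


def keystroke_times(text):
    """Times (ms) at which each typed character would leave the client."""
    times = [0]
    for pair in zip(text, text[1:]):
        times.append(times[-1] + DIGRAPH_MS.get(pair, DEFAULT_MS))
    return times


def gaps(times):
    """Inter-arrival gaps, the only thing a network timing observer sees."""
    return [b - a for a, b in zip(times, times[1:])]


def fixed_rate_schedule(times, tick_ms=20):
    """Packet times when the sender emits exactly one packet per tick.

    Keystrokes wait for the next tick; ticks with nothing queued carry padding,
    so the gaps between packets no longer depend on when keys were pressed.
    The number of packets still reveals the total typing duration.
    """
    last_tick = math.ceil(times[-1] / tick_ms)
    return [n * tick_ms for n in range(last_tick + 1)]


def max_added_delay(times, tick_ms=20):
    """Worst-case latency (ms) a keystroke pays for waiting on a tick."""
    return max((-t) % tick_ms for t in times)


if __name__ == "__main__":
    for word in ("asg", "sga"):
        t = keystroke_times(word)
        print(word, "raw gaps:", gaps(t),
              "fixed-rate gaps:", sorted(set(gaps(fixed_rate_schedule(t)))),
              "max added delay:", max_added_delay(t))
```

The raw gaps differ per character pair, which is the signal a keystroke timing analysis relies on; under the fixed-rate schedule every gap equals the tick, at the cost of a small added delay per keystroke.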