Intel's DDIO (short for Data-Direct I/O) appeared on the scene in 2011 as a performance enhancement to the company's line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. The big idea was that by avoiding system memory, DDIO increased input/output bandwidth and reduced latency and power consumption.
Now, Dutch VUSec security boffins at the Vrije Universiteit Amsterdam are warning that, in specific scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers.
The most severe form of attack can take place in data centres and cloud environments that have both DDIO and remote direct memory access (RDMA) enabled to allow servers to exchange data. A server leased by a malicious hacker could abuse the vulnerability to attack other customers.
To prove the point, VUSec devised an attack that allows a server to steal keystrokes typed into the protected SSH (secure shell) session established between another server and an application server. "The researchers have named their attack NetCAT, short for Network Cache ATtack."
An advisory from Intel has warned that DDIO or RDMA should be switched off in untrusted networks.
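To act on that advice, an administrator first needs to know which hosts expose RDMA at all. The following is an added example, not code from Intel, VUSec or the article: it assumes a Linux host that lists RDMA devices under `/sys/class/infiniband`, takes an optional root-prefix argument that is this example's own convention, and does not detect DDIO itself.

```shell
#!/bin/sh
# Added example: inventory RDMA exposure on a Linux host.
# The optional first argument (a root prefix) is an assumption of this
# example so the functions can be pointed at a copied or test tree.

# Print "<device> port <n> <link layer>" for every RDMA port in ACTIVE state.
rdma_active_ports() {
    base="${1:-}/sys/class/infiniband"
    [ -d "$base" ] || return 0            # no RDMA devices registered
    for dev in "$base"/*; do
        [ -d "$dev/ports" ] || continue
        for port in "$dev"/ports/*; do
            [ -r "$port/state" ] || continue
            state=$(cat "$port/state")    # sysfs format, e.g. "4: ACTIVE"
            link=$(cat "$port/link_layer" 2>/dev/null || echo unknown)
            case "$state" in
                *ACTIVE*)
                    printf '%s port %s %s\n' "${dev##*/}" "${port##*/}" "$link"
                    ;;
            esac
        done
    done
}

# Print the core RDMA kernel modules that are currently loaded.
rdma_modules_loaded() {
    modfile="${1:-}/proc/modules"
    [ -r "$modfile" ] || return 0
    awk '$1 ~ /^(ib_core|ib_uverbs|rdma_cm|rdma_ucm)$/ { print $1 }' "$modfile"
}

# Succeed (exit status 0) only if at least one RDMA port is active.
rdma_exposed() {
    [ -n "$(rdma_active_ports "${1:-}")" ]
}

# Report for the live host when the script is run directly.
echo "Active RDMA ports:";   rdma_active_ports
echo "RDMA modules loaded:"; rdma_modules_loaded
```

A host that reports an active port on a network shared with untrusted machines is one where the advisory's recommendation applies.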
"The researchers say future attacks may be able to steal other types of data, possibly even when RDMA isn't enabled. They are also advising hardware makers to do a better job of securing microarchitectural enhancements before putting them into billions of real-world servers."
The researchers published their paper about NetCAT.