Intel CPU: NetCash Vulnerability Allows Hackers to Steal Sensitive Data


NetCash also known as Network Cache Attack, is the network-based side-channel vulnerability lets hackers and fraudster to access and sniff out vital data related to someone like the SSH password from Intel’s CPU cache. The find was done by researchers from Vrije University in Amsterdam. The vulnerability actually resides in a performance optimization feature known as Intel’s DDIO. DDIO stands for Data Direct I/O which grants network access to CPU cache to other peripheral devices. There have been previously been issues related to security in Intel’s devices but this kind of a flaw is a new one in a sense that the attackers do not have to gain physical access to the targeted computer.

Image Source:

The vulnerability in the discussion is called and popularly known among the fraudsters as CVE-2019-11184. DDIO or Direct Data input-output comes as a default in every intel server-grade processor from 2012including intel’s models like XeonE5, E7 and SP families. As the research paper revealed NetCash attack is similar to another attack known as Throwhammer which targets computer by sending specially crafted network packets to targeted computers having Remote Direct Memory Access feature enabled in them. The RDMA feature which is in build in Intel’s CPU complements fraudsters to spy on remote server-side peripherals such as network cards. The hackers also enabled to observe the time gap between network packets that are served from the remote processor’s cache versus a packet served from memory.

Image Source:

As explained by the VUSec team that during an SSH session every time a user presses any key, a network packet is being directly transmitted and NetCash leaks the arrival time of the corresponding network packet and also leaks the timing of the events. The VUSec team has also published a video, as shown above, demonstrating a method for spying on SSH sessions in real-time with nothing but a shared server.

Source: The Hacker News

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #Darknet #.onion_Sites_Links #Deep_Web_Links_and_Web_Sites #Dark_Web_Links_Hidden_Wiki #Dark_net_Links


Please enter your comment!
Please enter your name here