A group of researchers from the Free University of Amsterdam and ETH Zurich have developed a network attack technique
Intel
The method used to attack is reminiscent of the "
Thanks to DDIO, the processor cache also includes data generated during malicious network activity. The NetCAT attack relies on the fact that network cards actively cache data, and the packet processing speed in modern local networks is sufficient to influence cache filling and determine the presence or absence of data in the cache through the analysis of data transmission delays.
In interactive sessions, such as SSH, a network packet is sent immediately after each key press, so the delays between packets correlate with the delays between keystrokes. Using statistical analysis, and taking into account that the delay between two key presses usually depends on the position of the keys on the keyboard, it is possible to reconstruct the typed input with a certain probability. For example, most people type "s" after "a" much faster than "g" after "s".
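The correlation described above can be measured with a small simulation, shown here as an added example that is not code from the article or the researchers. The key-press gaps, the 2 ms jitter, the 20 ms tick and the two padded sending schedules are assumptions made for illustration; the article does not discuss mitigations.

```python
import math
import random
import statistics

TICK_MS = 20.0  # assumed send interval for the two padded variants

def pearson(xs, ys):
    """Pearson correlation over the common prefix; 0.0 if either side is constant."""
    n = min(len(xs), len(ys))
    xs, ys = xs[:n], ys[:n]
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx > 0 and vy > 0 else 0.0

def gaps(times):
    """Delays between consecutive events."""
    return [b - a for a, b in zip(times, times[1:])]

def key_press_times(n, rng):
    """Constructed session: key presses 60-400 ms apart (not measured data)."""
    t, out = 0.0, []
    for _ in range(n):
        t += rng.uniform(60.0, 400.0)
        out.append(t)
    return out

def send_immediately(keys, rng):
    """One packet per key press plus up to 2 ms of constructed network jitter."""
    return [k + rng.uniform(0.0, 2.0) for k in keys]

def send_on_tick(keys):
    """Hold each key until the next tick; idle ticks send nothing."""
    return [math.ceil(k / TICK_MS) * TICK_MS for k in keys]

def send_every_tick(keys):
    """Send on every tick, filling idle ticks with dummy packets."""
    last = math.ceil(keys[-1] / TICK_MS)
    return [i * TICK_MS for i in range(1, last + 1)]

def leakage_report(n_keys=200, seed=1):
    """Correlation between typed gaps and the packet gaps an observer sees."""
    rng = random.Random(seed)
    keys = key_press_times(n_keys, rng)
    typed = gaps(keys)
    return {"immediate": pearson(typed, gaps(send_immediately(keys, rng))),
            "tick_only": pearson(typed, gaps(send_on_tick(keys))),
            "every_tick": pearson(typed, gaps(send_every_tick(keys)))}
```

Rounding send times to a tick leaves the correlation almost unchanged; only the schedule that also sends on idle ticks makes the observed packet gaps independent of typing.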
The information stored in the processor cache also makes it possible to judge the exact time of packets sent by the network card when processing connections such as SSH. By generating a certain traffic flow, an attacker can determine when new data appears in the cache associated with certain activity in the system. To parse the contents of the cache, the method is used
It is possible that the proposed technique can be used to determine not only keystrokes, but also other types of confidential data that end up in the CPU cache. An attack can potentially be carried out with RDMA disabled, but without RDMA its effectiveness is reduced and execution is much more complicated. DDIO can also be used to set up a covert communication channel for transferring data after a server has been compromised, bypassing security systems.
Source: opennet.ru