Intel Chip Flaw: Researchers can steal encrypted keystrokes

    0
    1486
    Intel Chip Flaw: Researchers can steal encrypted keystrokes
    Intel Chip Flaw: Researchers can steal encrypted keystrokes

    Unfortunately, a flaw was detected in the Intel chip which leads to some bad consequences. The flaw found in the Intel chip allowed attackers to abuse the DDIO (data-direct I/O) feature of the same. Untrusted networks can sneak in and steal important information stored.

    The flaw leads to attackers attacking the DDIO feature and stealing encrypted keystrokes and vulnerable information stored on the chip. Intel has asked its users to either switch off the DDIO feature on their chips or remote direct memory access to non-trustworthy networks.

    The malicious attacks were found by the researchers at Vrije Universiteit Amsterdam and ETH Zurich. The flaw powers the malicious players to attack others.

    A statement was released in the reports that, “NetCAT shows that network-based cache side-channel attacks are a real threat. Cache attacks have been customarily used to release the sensitive information on a local setting (eg, from an attacker-controlled virtual machine to a victim virtual machine that shares the CPU cache on a cloud platform).

    With net, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in an SSH session from remote servers with no local access.”

    “A race condition in some particular microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access,” was stated by the Intel to alert its users about the malfunction going on around. It suggested and recommended its users to limit direct access from networks that are known trusted.

    “In scenarios where Intel DDIO and RDMA are enabled, strong security controls on a protected network are needed, as a malicious actor would need to have read/write RDMA access on the target machine using Intel DDIO to use this exploit,” added Intel to its statement directed to its audience.