
Weakness in Intel chips lets researchers steal encrypted SSH keystrokes - headalgorithm
https://arstechnica.com/information-technology/2019/09/weakness-in-intel-chips-lets-researchers-steal-encrypted-ssh-keystrokes/
======
woliveirajr
> People should also be aware that disabling DDIO comes at a significant
> performance cost. So far as the researchers know, chips from AMD and other
> manufacturers aren't vulnerable because they don't store networking data on
> shared CPU caches.

Again, performance gains leak sensitive data and the solution is to disable
some features (and loose performance as well). Seems that Intel chose between
performance x security, and security lost.

> Intel DDIO is enabled by default on all Intel Xeon processor E5 family and
> Intel Xeon processor E7 v2 family platforms. (from
> [https://www.intel.com/content/www/us/en/io/data-direct-i-
> o-t...](https://www.intel.com/content/www/us/en/io/data-direct-i-o-
> technology.html))

Seems that it was used in 2012-2014 processors, so it's an attack on 5-years-
old processors. Perhaps the impact isn't that great nowadays, but I couldn't
find it the same attack can be made in more recent CPUs.

~~~
muraiki
The web site of the researchers says:

> Yes, DDIO is enabled transparently by default in all Intel server-grade
> processors since 2012 (Intel Xeon E5, E7 and SP families).

[https://www.vusec.net/projects/netcat/](https://www.vusec.net/projects/netcat/)

------
hajile
Intel claimed that DDIO would boost performance up to 2.3x. that's a pretty
big performance hit.

[https://www.tomshardware.co.uk/Intel-Xeon-E5-2690-Sandy-
Brid...](https://www.tomshardware.co.uk/Intel-Xeon-E5-2690-Sandy-Bridge-EP-
enterprise,news-37417.html)

------
noipv4
So, if I get this correct, the researchers side-channeled the LLC to reveal
data stored there by the NIC (DDIO).

------
dooglius
This flaw in ssh has been known about for ages, and has nothing to do with
Intel, and putting data in cache is neither Intel-specific nor a "weakness".

~~~
cma
Explain please. This is about direct device io exposing memory remotely
through timing attacks. Ssh info is just one example of what can be leaked.

~~~
dooglius
Memory isn't being exposed, just the fact that something is touching memory in
a certain place. That ssh login keystrokes leak via side channels is a long
standing flaw in ssh. Memory access patterns can already be inferred from
network response latency on any processor, nothing about that is new or
surprising.

~~~
cma
This doesn't give more timing precision than previous techniques?

~~~
angry_octet
It is a super accurate way of timing packet receipt. For keystrokes sent
across a WAN that wouldn't normally help you. But this really isn't about ssh,
which is just used as a cute demo of the power of traffic analysis and side
channels; this is about remote access to local side channels in the memory
system.

