Word of the day: Rowhammer
Rowhammer is a vulnerability in commodity dynamic random access memory (DRAM) chips that allows an attacker to exploit devices with DRAM memory by repeatedly accessing (hammering) a row of memory until it causes bit flips: transistors in adjacent rows of memory reverse their binary state, so ones turn into zeros and vice versa.
The flaw was first reported in the paper "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors," which detailed how, as DRAM processes continue to scale to smaller sizes, it becomes more difficult to prevent individual memory cells from interacting with neighboring cells.
The Rowhammer flaw lets malicious actors use memory manipulation to extract data such as passwords from vulnerable systems. The flaw has been detected in DDR3 and DDR4 DRAM chips and, when combined with other attacks, can be used to access the contents of memory on systems using vulnerable chips. The Google Project Zero team published details of its proof-of-concept code for exploits of Rowhammer on x86-64 Linux machines, but they wrote that the exploit was likely not specific to Linux systems.
Rowhammer accomplishes this manipulation by forcing the repeated reading and recharging of a row of capacitors in a DRAM chip. The repeated reading and recharging of a row happens when an attacker uses the machine code instruction Cache Line Flush (CLFLUSH) to clear the cache, as shown in the 2014 research paper from Carnegie Mellon University and Intel Labs researchers. Under normal operation, caching keeps repeated reads from reaching DRAM often enough to flip bits; repeated use of CLFLUSH defeats that limit, so every read goes back to the DRAM row. When this reading and recharging happens too often and in capacitor rows too close together, neighboring capacitors begin to interact electrically, and this opens up the opportunity to exploit the Rowhammer flaw.
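The interaction between caching, cache flushing and refresh described above can be seen in a toy simulation. This is an added example, not code from the page or from the research it cites; the refresh window, flip threshold and the cache modelled as a simple set are constructed assumptions, not real DRAM values.

```python
# Toy model of the mechanism; all parameters are constructed, not real DRAM values.
REFRESH_WINDOW = 1000   # ticks between refreshes (assumed)
FLIP_THRESHOLD = 600    # neighbour activations per window that disturb a row (assumed)

class ToyDram:
    def __init__(self, rows=8, bits=8):
        self.cells = [[1] * bits for _ in range(rows)]
        self.disturb = [0] * rows   # disturbance each row has absorbed since refresh
        self.activations = 0
        self.now = 0

    def activate(self, row):
        """A read that reaches DRAM: the row is read out and recharged."""
        self.activations += 1
        for n in (row - 1, row + 1):            # physically adjacent rows
            if 0 <= n < len(self.cells):
                self.disturb[n] += 1
                if self.disturb[n] >= FLIP_THRESHOLD:
                    self.cells[n][0] = 0        # a stored 1 leaks to 0

    def advance(self, ticks):
        for _ in range(ticks):
            self.now += 1
            if self.now % REFRESH_WINDOW == 0:  # refresh restores every row's charge
                self.disturb = [0] * len(self.cells)

def run(accesses, flush, idle_between=0, row=3):
    """Read one row repeatedly; return (DRAM activations, rows holding a flipped bit)."""
    dram, cached = ToyDram(), set()
    for _ in range(accesses):
        if row not in cached:       # cache miss: the read goes to DRAM
            dram.activate(row)
            cached.add(row)
        if flush:
            cached.discard(row)     # models CLFLUSH evicting the line
        dram.advance(1 + idle_between)
    flipped = [r for r, bits in enumerate(dram.cells) if 0 in bits]
    return dram.activations, flipped

if __name__ == "__main__":
    print("cached reads:          ", run(2000, flush=False))
    print("flushed, back-to-back: ", run(2000, flush=True))
    print("flushed, at half rate: ", run(2000, flush=True, idle_between=1))
```

Only the flushed, back-to-back case corrupts the neighbouring rows: cached reads reach DRAM once, and at half the access rate each refresh arrives before the assumed threshold is crossed.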
Researchers at Intel became aware of Rowhammer in 2012 and filed patent applications that were publicly disclosed, but the vulnerability didn't garner much attention until 2014, when the research paper was published. DRAM chips are an important part of most electronic devices, including those that are essential to computers. Because the flaw lies in the chips themselves, DRAM vulnerabilities like Rowhammer cannot be fixed with basic security software or operating system (OS) updates. Rowhammer continues to be used in new attacks.
Posted by: Margaret Rouse. Contributor(s): Madelyn Bacon. TechTarget