New Rowhammer technique bypasses existing DDR4 memory defenses



Researchers have developed a new fuzzing-based technique called ‘Blacksmith’ that revives Rowhammer attacks against modern DRAM devices and bypasses existing mitigations.

The emergence of this new Blacksmith method demonstrates that today’s DDR4 modules are vulnerable to exploitation, allowing a variety of attacks to be conducted.

The Rowhammer effect

Rowhammer is a security exploit that relies on the leaking of electrical charges between adjacent memory cells, enabling a threat actor to flip 1s and 0s and change the content in the memory.

This powerful attack can bypass all software-based security mechanisms, leading to privilege escalation, memory corruption, and more.

It was first discovered in 2014, and within a year, two working privilege escalation exploits based on the research were already available.

Gradually, this became a widespread problem, and even Android tools were developed, exploiting the Rowhammer vulnerability on smartphones to gain root access.

The mitigations applied to address this bit-flipping problem showed the first signs of their insufficiency in March 2020, when academic researchers proved that a bypass was possible.


Manufacturers had implemented a set of mitigations called “Target Row Refresh” (TRR), which were mainly effective in keeping the then-new DDR4 safe from attacks.

The attack used against it was called ‘TRRespass,’ and was another fuzzing-based technique that successfully found usable Rowhammering patterns.

Fuzzing a new way in

‘TRRespass’ was able to find effective patterns in 14 of the 40 tested DIMMs, a success rate of roughly 37.5%. However, ‘Blacksmith’ found effective Rowhammer patterns on all 40 of the tested DIMMs.

The trick that the researchers used this time is not to approach the hammering patterns uniformly but instead explore non-uniform structures that can still bypass TRR.

The team used order, regularity, and intensity parameters to design frequency-based Rowhammer patterns and then fed them to the Blacksmith fuzzer to find working values.

The architecture of a BlackSmith attack
Source: Comsec

This essentially revealed new exploitation potential that previous research missed, as illustrated in the video below.

The fuzzer ran for 12 hours and yielded the optimal parameters to use in a Blacksmith attack. Using these values, the researchers were able to perform bit flips over a contiguous memory area of 256 MB.

To prove that this is exploitable in real-world scenarios, the team performed test attacks that allowed them to retrieve private keys for public RSA-2048 keys used to authenticate to an SSH host.

Concluding, our work confirms that the DRAM vendors’ claims about Rowhammer protections are false and lure you into a false sense of security. All currently deployed mitigations are insufficient to fully protect against Rowhammer. Our novel patterns show that attackers can more easily exploit systems than previously assumed. – Comsec.

Comsec further found that while using ECC DRAM will make exploitation harder, it will not defend against all Rowhammer attacks.


DDR5 may be safer

Newer DDR5 DRAM modules are already available in the market, and adoption will pick up pace in the next couple of years.

In DDR5, Rowhammer may not be as much of a problem, as TRR is replaced by “refresh management,” a system that keeps track of activations in a bank and issues selective refreshes once a threshold is reached.

This means that scalable fuzzing on a DDR5 DRAM device would be a lot harder and possibly a lot less effective, but that remains to be seen.
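The counter-and-threshold behaviour described above can be modelled in a few lines to see why it bounds disturbance regardless of access order. This is an added example, not code from Comsec or from the original article; the adjacent-row disturbance model, the two constructed traces, the threshold of 64 and the rule that every row activated in the window gets its neighbours refreshed are all assumptions made for illustration.

```python
from collections import Counter

def simulate(trace, threshold=None):
    """Replay row activations in one bank.

    Returns (peak disturbance any row accumulated, managed refreshes issued).
    threshold=None models a bank with no activation-based refresh at all.
    """
    bank_acts = 0          # activations in this bank since the last managed refresh
    window_rows = set()    # rows activated since the last managed refresh
    disturb = Counter()    # neighbour activations each row has absorbed
    peak = refreshes = 0
    for row in trace:
        # Assumption: an activation only disturbs the two adjacent rows.
        for victim in (row - 1, row + 1):
            disturb[victim] += 1
            peak = max(peak, disturb[victim])
        window_rows.add(row)
        bank_acts += 1
        if threshold is not None and bank_acts >= threshold:
            # Selective refresh (idealised): recharge the neighbours of
            # every row that was activated in this window.
            for r in window_rows:
                disturb[r - 1] = 0
                disturb[r + 1] = 0
            window_rows.clear()
            bank_acts = 0
            refreshes += 1
    return peak, refreshes

# Constructed traces of abstract row indices, not captured from hardware.
UNIFORM = [10, 12] * 500
NON_UNIFORM = [10, 12, 10, 12, 30, 10, 12, 50, 52, 10, 12, 30] * 100

def report(threshold=64):
    """Peak disturbance per trace, without and with the bank counter."""
    return {
        name: {"unmanaged": simulate(t)[0], "managed": simulate(t, threshold)[0]}
        for name, t in (("uniform", UNIFORM), ("non_uniform", NON_UNIFORM))
    }

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

In this model the peak disturbance can never exceed the bank threshold, whatever the ordering of the trace; how closely real DDR5 devices match the idealised refresh rule is the open question the article notes.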


