
Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

by ethhack

Researchers have devised a new attack that allows unprivileged code running on computers to steal secrets, such as cryptographic keys, that are stored in what should be protected memory areas. The attack is possible because of a known design issue with modern DRAM chips that has been exploited in the past to modify protected data.

Dubbed RAMBleed, the new attack is the work of researchers Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss from the Graz University of Technology and Yuval Yarom from the University of Adelaide and Data61. Using the new technique, the researchers were able to extract an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.

Under Linux's security model, and that of most modern operating systems, this shouldn't be possible because OpenSSH runs as a system service and its memory is isolated and protected from userspace applications, along with the kernel's memory. Any unauthorized violation of that security boundary is a serious vulnerability because many applications rely on the kernel to protect their secrets, such as encryption keys and passwords.

RAMBleed: Another hardware design flaw

RAMBleed is a variation of another attack called Rowhammer that has been known for several years and which exploits the increased cell density in DDR3 and DDR4 SDRAM memory chips. SDRAM chips store information as electrical charges inside cells that are arranged in rows. A cell's charged or discharged state determines whether the value stored inside is a 1 or a 0, which represent bits.

Other researchers have determined in the past that repeated read operations of the same physical row of memory cells, dubbed hammering, can cause their electrical charges to leak into adjacent rows, modifying the value of the cells in those rows. This is possible because in modern SDRAM chips the cells are very small and tightly packed together.

If done in a controlled manner, this “row hammering” effect and the resulting data modification can have security implications. Rowhammer attacks demonstrated so far can be used to achieve privilege escalation, escape software sandboxes or crash systems.
