Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Thursday September 01 2016, @08:39PM   Printer-friendly
from the you're-not-meant-to-do-that dept.

A very anonymous AC submits the following:

http://arstechnica.com/security/2016/08/new-attack-steals-private-crypto-keys-by-corrupting-data-in-computer-memory/

The research team, which also included a member from Belgium's Katholieke Universiteit Leuven, went on to show how an attacker VM can use Flip Feng Shui to compromise RSA cryptography keys stored on another VM hosted in the same cloud environment. In one experiment, the attacker VM compromised the key used to authenticate secure shell access, a feat that allowed the VM to gain unauthorized access to the target. In a separate experiment, the attacker VM compromised the GPG key used by developers of the Ubuntu operating system to verify the authenticity of updates. With the compromised GPG key, the attacker VM was able to force the target to download and install a malicious update.

"Virtual Inception" could be a good name for this specific use of "Flip Feng Shui" :).

I wonder how well ECC protects from such attacks: http://arstechnica.com/security/2016/03/once-thought-safe-ddr4-memory-shown-to-be-vulnerable-to-rowhammer/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by Frost on Friday September 02 2016, @05:03AM

    by Frost (3313) on Friday September 02 2016, @05:03AM (#396554)

    If the attack flips more than two bits per word, the odds of SECDED ECC helping at all go way down.

  • (Score: 3, Informative) by sjames on Friday September 02 2016, @06:09AM

    by sjames (2882) on Friday September 02 2016, @06:09AM (#396568) Journal

    That's just the thing though, You don't get to decide how many bits you flip.If you flip 1, ECC will silently undo your efforts. If you flip two, ECC will sound the alarm (in some cases the machine will halt, ending your efforts). If the server also does ECC scrubbing, you have a very limited time to get those bits flipped in the first place.

    The odds aren't zero, but unlike rowhammer on unprotected memory where you can just keep at it, with ECC memory and scrubbing you must consistently flip 3 bits or more at the same time or none to avoid detection.