
posted by Fnord666 on Wednesday June 12 2019, @03:05AM
from the bleeding-edge dept.

Submitted via IRC for Bytram

Researchers use Rowhammer bit flips to steal 2048-bit crypto key

The Rowhammer exploit that lets unprivileged attackers corrupt or change data stored in vulnerable memory chips has evolved over the past four years to take on a range of malicious capabilities, including elevating system rights and breaking out of security sandboxes, rooting Android phones, and taking control of supposedly impregnable virtual machines. Now, researchers are unveiling a new attack that uses Rowhammer to extract cryptographic keys or other secrets stored in vulnerable DRAM modules.

[...] RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to alter sensitive data, the new technique exploits the hardware bug to extract sensitive data stored in memory regions that are off-limits to attackers. The attacks require only that the exploit hammers memory locations the exploit code already has permission to access. What's more, the data extraction can work even when DRAM protected by error correcting code detects and reverses a malicious bit flip.

Besides opening a previously unknown side channel that allows attackers to deduce sensitive data, the attack also introduces new ways unprivileged exploit code can cause cryptographic keys or other secret data to load into the select DRAM rows that are susceptible to extraction. By combining the memory massaging techniques with this new side-channel attack, the researchers—from the University of Michigan, Graz University of Technology, and the University of Adelaide and Data61—were able to extract an RSA 2048-bit signing key from an OpenSSH server using only user-level permissions. In a research paper published on Tuesday, the researchers wrote:

Previous research mostly considers Rowhammer as a threat to data integrity, allowing an unprivileged attacker to modify data without accessing it. With RAMBleed, however, we show that Rowhammer effects also have implications on data confidentiality, allowing an unprivileged attacker to leverage Rowhammer-induced bit flips in order to read the value of neighboring bits. Furthermore, as not every bit in DRAM can be flipped via Rowhammer, we also present novel memory massaging techniques that aim to locate and subsequently exploit Rowhammer flippable bits. This enables the attacker to read otherwise inaccessible information such as secret key bits. Finally, as our techniques only require the attacker to allocate and deallocate memory and to measure instruction timings, RAMBleed allows an unprivileged attacker to read secret data using the default configuration of many systems (e.g., Ubuntu Linux), without requiring any special configurations (e.g., access to pagemap, huge pages, or memory deduplication).
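To make the mechanism in the quoted passage concrete, here is an added toy simulation. It is not the researchers' code and nothing in it touches real DRAM; it only models the two properties the side channel rests on. It assumes (a) data-dependent coupling, i.e. a flippable cell in the attacker's sampling row drifts toward the value of the neighbouring secret cell only when the two differ, with a fixed per-round probability `FLIP_P`, and (b) an ECC controller that returns the corrected word but takes measurably longer to do so (`ECC_LATENCY` vs `NORMAL_LATENCY`). The secret bits, flippable columns and latency numbers are constructed sample values. The point for defenders is the second run: ECC restores the integrity of the sampling row, yet the recovered key bits are identical, because the correction event itself is the leak.

```python
"""Toy model of the RAMBleed read channel: constructed simulation, not real DRAM."""
import random

FLIP_P = 0.3           # assumed per-hammer-round flip probability at a flippable cell
NORMAL_LATENCY = 50    # assumed read latency (arbitrary units) with no correction
ECC_LATENCY = 500      # assumed read latency when ECC had to correct the word


class ToyDram:
    """Secret cells sit above/below an attacker-owned sampling row.

    Each column is modelled as its own ECC-protected word, so a correction in
    one column does not disturb the others (a simplification of real SEC-DED).
    """

    def __init__(self, secret_bits, flippable_cols, ecc, rng):
        self.secret = list(secret_bits)        # victim's bits next to the sampling row
        self.flippable = set(flippable_cols)   # sampling-row columns assumed flippable
        self.ecc = ecc
        self.rng = rng
        self.written = [0] * len(self.secret)  # what the attacker last wrote
        self.stored = list(self.written)       # what the cells physically hold

    def write_sampling_row(self, bits):
        self.written = list(bits)
        self.stored = list(bits)

    def hammer(self, rounds):
        # Assumed data-dependent coupling: a flippable cell drifts toward the
        # neighbouring secret value only when the two differ; equal values
        # never produce a flip.
        for _ in range(rounds):
            for col in self.flippable:
                if self.stored[col] != self.secret[col] and self.rng.random() < FLIP_P:
                    self.stored[col] = self.secret[col]

    def read_cell(self, col):
        """Return (bit, latency). With ECC the bit is corrected; the latency is not hidden."""
        if not self.ecc:
            return self.stored[col], NORMAL_LATENCY
        corrected = self.stored[col] != self.written[col]
        self.stored[col] = self.written[col]   # controller scrubs the error
        return self.written[col], (ECC_LATENCY if corrected else NORMAL_LATENCY)


def make_dram(secret, flippable, ecc, seed=1):
    """Build a deterministic toy DRAM (seeded RNG so runs are repeatable)."""
    return ToyDram(secret, flippable, ecc=ecc, rng=random.Random(seed))


def observe(dram, col, rounds):
    """One probe: fill the sampling row with 0, hammer, read back a single cell."""
    dram.write_sampling_row([0] * len(dram.secret))
    dram.hammer(rounds)
    return dram.read_cell(col)


def recover_secret(dram, cols, rounds=40):
    """Infer the secret bit adjacent to each flippable column.

    A 0 that reads back as 1 (or, under ECC, a read that needed correction)
    means the neighbour held a 1; no flip at all means it held a 0.
    """
    recovered = {}
    for col in cols:
        bit, latency = observe(dram, col, rounds)
        flipped = bit == 1 or latency > NORMAL_LATENCY
        recovered[col] = 1 if flipped else 0
    return recovered


def demo(ecc):
    """Run the toy attack on a constructed 8-bit 'key'; returns (recovered, truth)."""
    secret = [1, 0, 1, 1, 0, 0, 1, 0]     # constructed sample secret
    flippable = [0, 1, 2, 5, 6]           # constructed: columns assumed flippable
    dram = make_dram(secret, flippable, ecc=ecc)
    got = recover_secret(dram, flippable)
    return got, {c: secret[c] for c in flippable}


if __name__ == "__main__":
    for ecc in (False, True):
        got, truth = demo(ecc)
        print(f"ECC={ecc}: recovered={got} truth={truth} match={got == truth}")
```

Only the bits next to flippable cells are recovered, which is why the paper pairs the channel with memory massaging to steer the key into such rows; a real attack also needs the DRAM address mapping and a reliable flip template, none of which this model includes.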

While RAMBleed represents a new threat that hardware and software engineers will be forced to protect against, it seems unlikely that exploits will be carried out in real-world attacks any time soon. That's because, like most other Rowhammer-based attacks, RAMBleed requires a fair amount of overhead and at least some luck. For determined attackers in the field today, there may be more reliable attacks that achieve the same purpose. While ordinary users shouldn't panic, RAMBleed and the previous attacks it builds on pose a longer-term threat, especially for users of low-cost commodity hardware.


  • (Score: 3, Funny) by pD-brane (6728) on Wednesday June 12 2019, @08:13AM (#854563)

    the new technique exploits the hardware bug to extract sensitive data stored in memory regions that are off-limits to attackers.

    Oh good, for a moment I was afraid the attackers would use this new technique.
