Stories
Slash Boxes
Comments

SoylentNews is people

The Rowhammer is Here... Next Heartbleed?

posted by janrinok on Wednesday July 29 2015, @12:48AM   Printer-friendly
from the for-those-who-ask-for-javascript dept.

pkrasimirov writes:

A very interesting attack was unveiled in Friday, 24 June by Daniel Gruss, Clémentine Maurice, Stefan Mangard. Maybe the Rowhammer is the next Hearthbleed, or worse?

As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
In this paper we present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.

http://arxiv.org/abs/1507.06955

Full report can be found here (PDF)

Original Submission

 
This discussion has been archived. No new comments can be posted.
The Rowhammer is Here... Next Heartbleed? | Log In/Create an Account | Top | 50 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: -1, Troll) by Anonymous Coward on Wednesday July 29 2015, @01:40AM

    by Anonymous Coward on Wednesday July 29 2015, @01:40AM (#215171)

    1. Adblock
    2. Bitcoin
    3. Basic income
    4. Manna
    5. Don't own a TV
    6. Vote Libertarian

    Starting Score:    0  points
    Moderation   -1  
       Troll=1, Total=1
    Extra 'Troll' Modifier   0  
    Total Score:   -1  

  • (Score: 0) by Anonymous Coward on Wednesday July 29 2015, @02:23AM

    by Anonymous Coward on Wednesday July 29 2015, @02:23AM (#215189)

    If you have such disdain, why come to this site?

  • (Score: 1, TouchĂ©) by Anonymous Coward on Wednesday July 29 2015, @08:58AM

    by Anonymous Coward on Wednesday July 29 2015, @08:58AM (#215342)

    1. Adblock

    This certainly also helps in reducing the probability of getting hacked, but if you already have NoScript, that's sufficient (however in case you accidentally enabled the wrong scripts, Adblock is certainly a second line of defense).

    2. Bitcoin

    Doesn't help at all against this attack.

    3. Basic income

    Helps even less against this attack.

    4. Manna

    Given that the story is published on a web site, which might get hacked and loaded with the exploit, reading the story actually increases the attack probability.

    Unless you were referring to the biblical food, then it certainly has no effect on your attack surface.

    5. Don't own a TV

    Not owning a smart TV of course means that you don't have to fear your TV to be hacked. But the same can be achieved using a dumb TV.

    6. Vote Libertarian

    I'm pretty sure that will not help against those attacks.