Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday July 29 2015, @12:48AM   Printer-friendly
from the for-those-who-ask-for-javascript dept.

A very interesting attack was unveiled in Friday, 24 June by Daniel Gruss, Clémentine Maurice, Stefan Mangard. Maybe the Rowhammer is the next Hearthbleed, or worse?

As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
In this paper we present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.

http://arxiv.org/abs/1507.06955

Full report can be found here (PDF)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by albert on Wednesday July 29 2015, @03:40AM

    by albert (276) on Wednesday July 29 2015, @03:40AM (#215221)

    Getting it to work is certainly harder, but not by a great deal. Even without the more advanced attack methods (directed results) you have only cut down the success probability by a very small factor.

    ECC is worthwhile I think, but don't imagine you are safe.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Insightful) by zeigerpuppy on Wednesday July 29 2015, @05:43AM

    by zeigerpuppy (1298) on Wednesday July 29 2015, @05:43AM (#215281)

    I doubt this attack would work at all against ECC,
    A single bit flip is detected and more than that causes a RAM error,
    It's very unlikely to get multiple flips that aren't detected.