Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday July 29 2015, @12:48AM   Printer-friendly
from the for-those-who-ask-for-javascript dept.

A very interesting attack was unveiled in Friday, 24 June by Daniel Gruss, Clémentine Maurice, Stefan Mangard. Maybe the Rowhammer is the next Hearthbleed, or worse?

As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
In this paper we present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.

http://arxiv.org/abs/1507.06955

Full report can be found here (PDF)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by cfalcon on Wednesday July 29 2015, @05:06AM

    by cfalcon (5731) on Wednesday July 29 2015, @05:06AM (#215272)

    A lot of content is gated behind javascript, and it's very hard to get around it appropriately, especially on mobile. I despise javascript so much it's actually hilarious, and I constantly wonder why browsers obey shitty commands like "hide this user control", "pop up this thing", etc.

    I skip out on a lot of it when that happens.

    Javascript isn't supposed to be code execution. Today it very much is. That's ludicrous.

    Anyway, this whole thing sounds sensationalized. The proof of concept worked on some specific laptop, I'm to expect that this javascript will work on a tower with plenty of power and such? Rowhammer is fascinating, but I doubt that it's the same kind of vulnerability as we see elsewhere.

  • (Score: 0) by Anonymous Coward on Wednesday July 29 2015, @09:15AM

    by Anonymous Coward on Wednesday July 29 2015, @09:15AM (#215344)

    A lot of content is gated behind javascript

    When I encounter content gated behind JavaScript, my answer most often is simply to not read that content. Probably I don't miss anything important that way.

    • (Score: 0) by Anonymous Coward on Wednesday July 29 2015, @03:36PM

      by Anonymous Coward on Wednesday July 29 2015, @03:36PM (#215507)

      THIEF... How dare you withhold your eyeballs from our adver^H^H^H^Hcontent...