Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

The Rowhammer is Here... Next Heartbleed?

posted by janrinok on Wednesday July 29 2015, @12:48AM   Printer-friendly
from the for-those-who-ask-for-javascript dept.

pkrasimirov writes:

A very interesting attack was unveiled in Friday, 24 June by Daniel Gruss, Clémentine Maurice, Stefan Mangard. Maybe the Rowhammer is the next Hearthbleed, or worse?

As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
In this paper we present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.

http://arxiv.org/abs/1507.06955

Full report can be found here (PDF)

Original Submission

 
This discussion has been archived. No new comments can be posted.
The Rowhammer is Here... Next Heartbleed? | Log In/Create an Account | Top | 50 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by q.kontinuum on Wednesday July 29 2015, @05:12AM

    by q.kontinuum (532) on Wednesday July 29 2015, @05:12AM (#215275) Journal

    This bug defeats the hardware-backed security concepts of the PC, thus also defeating the the operating system security measures depending on the hardware. It also defeats the sandbox-security-model of the javascript interpreter. Your recommendations would even render an MS DOS computer secure, but also pretty unusable. If you consider this "mitigatable", you could also propose to stop using computers altogether.

    I do use NoScript for my private purposes already, but that is only supposed to protect the data of the same user. Protection of other users data or from other users attack on the same system is the task of the OS.

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2