Search This Blog

The Exploitation of Rowhammer Attack Just Got Easier

Serious Rowhammer attacks are now being carried out remotely over the targeted networks.

With an increase in the number of hacks and exploits focused solely on fundamental properties of underlying hardware, Rowhammer, is one such attack known since 2012 which is a serious issue with recent generation dynamic random access memory (DRAM) chips which oftentimes while accessing a column of memory can cause "bit flipping" in a contiguous line, enabling anybody to alter the contents of the PC memory.

All previously known Rowhammer attack methods required privilege acceleration, which implies that the attacker needed to have effectively found and exploited a weakness within the framework. Lamentably, that is no longer true as researchers have discovered that you can trigger a Rowhammer attack while utilizing network packets.

Termed as 'Throwhammer,' the newfound technique could enable attackers to dispatch Rowhammer attack on the said focused frameworks just by sending uniquely crafted packets  to the vulnerable system cards over the Local Area Network.

A week ago, security researchers point by point developed a proof-of-concept Rowhammer attack strategy, named GLitch, that uses installed graphics processing units (GPUs) to carry out the Rowhammer attacks against Android gadgets.

Be that as it may, all previously known Rowhammer attack methods required privilege acceleration on a target device, which means that the attackers needed to execute code on their focused machines either by drawing casualties to a pernicious site or by deceiving them into installing a malignant application.

Tragically, this limitation has now been eliminated, at least for some devices.
Researchers at the Vrije Universiteit Amsterdam and the College of Cyprus have now discovered that sending despiteful packets over LAN can trigger the Rowhammer attack on systems running Ethernet network cards outfitted with Remote Direct Memory Access (RDMA), which is generally utilized as a part of clouds and data centres.

Since RDMA-enabled network cards allow computers in a system to trade information (with read and write privileges) in the fundamental memory, mishandling it to get to host's memory in fast progression can trigger bit flips on DRAM.

"We rely on the commonly-deployed RDMA technology in clouds and data centres for reading from remote DMA buffers quickly to cause Rowhammer corruptions outside these untrusted buffers, these corruptions allow us to compromise a remote Memcached server without relying on any software bug." researchers said in a paper [PDF] published Thursday.

Since activating a bit flip requires a huge number of memory accesses to particular DRAM locations within milliseconds, a fruitful  Throwhammer attack would require a very high-speed network of no less than 10Gbps.

In their experimental setup, the researchers achieved bit flips on the said focused server subsequent to accessing its memory 560,000 times in 64 milliseconds by sending packets over LAN to its RDMA-empowered network card.

Since Rowhammer exploits a computer hardware weakness no software fix can completely settle the issue once and for all. Researchers trust that the Rowhammer risk isn't just genuine but also has the potential to cause serious damage.

For additional in-depth knowledge on this new attack technique, the users' can access this paper published by the researchers on Thursday [PDF], titled
 "Throwhammer: Rowhammer Assaults over the System and Resistances"

Share it:

Android devices.