Rowhammer attacks can now be carried out remotely. The attack can hand control of your computer or mobile device to an attacker, who can then use it to steal financial information, carry out cyber-attacks and spread misinformation on your behalf, commit identity theft, and commit a number of other cyber crimes.

What is a Rowhammer Attack?

A Rowhammer attack is a very systematic approach to exploiting a bug in the DRAM of your device. Every device contains RAM (Random Access Memory). Different types of RAM are used in a device, one of which is DRAM (Dynamic RAM).

[Image: RDMA networks vs non-RDMA networks. Image credit: T.H.N]

The Rowhammer attack uses a vulnerability in these DRAMs to gain access to a computer or mobile device.

The Rowhammer vulnerability in DRAMs has been known since 2010, but the vulnerability itself has existed since the invention of DRAM. There are three big DRAM manufacturers, and all of them shipped DRAMs with this vulnerability. Unfortunately, the DRAMs are an integral part of the RAM chip.

The DRAM Memory Leak Vulnerability

DRAMs are basically chips that combine to make up your RAM. These DRAMs store data in sequential blocks, and the number of blocks used for a task can be determined by the operating system.

If a program directly reads or writes the data of another program in memory, it is called a memory leak. A memory leak is bad for security and for the victim program.

To prevent memory leaks, the OS puts a memory access system in place; bypassing this system often leads to data theft and program crashes.

What does Rowhammer actually do?

Rowhammer carries out a set of operations that cause bit flips in adjacent rows. Computer memory holds data in the form of 0s and 1s, which are basically electrical charges stored in memory.

The OS prevents a program from using the bus to reach another program. Rowhammer bypasses the bus and causes enough electrical fluctuation to flip the adjacent bit.

Here is the abstract of the research paper titled "Flipping Bits in Memory without Accessing Them: An Experimental Study of DRAM Disturbance Errors":

Memory isolation is a key property of a reliable and secure computing system — an access to one memory address should not have unintended side effects on data stored in other addresses. However, as DRAM process technology scales down to smaller dimensions, it becomes more difficult to prevent DRAM cells from electrically interacting with each other. In this paper, we expose the vulnerability of commodity DRAM chips to disturbance errors. By reading from the same address in DRAM, we show that it is possible to corrupt data in nearby addresses. More specifically, activating the same row in DRAM corrupts data in nearby rows. We demonstrate this phenomenon on Intel and AMD systems using a malicious program that generates many DRAM accesses. We induce errors in most DRAM modules (110 out of 129) from three major DRAM manufacturers. From this we conclude that many deployed systems are likely to be at risk. We identify the root cause of disturbance errors as the repeated toggling of a DRAM row’s wordline, which stresses inter-cell coupling effects that accelerate charge leakage from nearby rows. We provide an extensive characterization study of disturbance errors and their behavior using an FPGA-based testing platform. Among our key findings, we show that (i) it takes as few as 139K accesses to induce an error and (ii) up to one in every 1.7K cells is susceptible to errors. After examining various potential ways of addressing the problem, we propose a low-overhead solution to prevent the errors

Mark Seaborn, a sandbox builder and breaker (cyber security engineer), and Thomas Dullien, a reverse engineer, contributed to Google's Project Zero in studying the Rowhammer attack.

How Rowhammer Works

There is malicious software, some of it popular, that can harm your mobile device, but this vulnerability has existed since the inception of DRAM.

Rowhammer attack on x86 and x64 machines:

There are several versions of the Rowhammer attack, but they all follow this basic strategy:

  1. Identify a data structure that grants privileges when a random bit in it flips. The escalated privileges give the attacker access.
  2. Populate as much of memory as possible with this data structure.
  3. Since memory is now filled with your own data structure, you just have to wait for the bit flip to occur.

But Java uses VMs, so that's safe, right?

No, even the JVM is not able to save you from this vulnerability!

  1. Rowhammer attacks on the JVM work just like the normal x86 attack.
  2. Populate memory with references instead of a data structure.
  3. The bit flip makes the reference(s) point to an object of the wrong type.

Rowhammer Network Attack

Unlike the ransomware that hit the medical industry, the Rowhammer network attack, a.k.a. 'Throwhammer', is a newly found method that could enable attackers to launch a Rowhammer attack on targeted systems just by sending specially crafted packets to vulnerable network cards over the local area network.

Known since 2012, Rowhammer is a serious issue with recent-generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, enabling anyone to change the contents of computer memory.

The issue has since been exploited in various ways to achieve remote code execution on vulnerable computers and servers.

Researchers at the Vrije Universiteit Amsterdam and the University of Cyprus have now found that sending malicious packets over LAN can trigger the Rowhammer attack on systems running Ethernet network cards equipped with Remote Direct Memory Access (RDMA), which is commonly used in clouds and data centers.

Since RDMA-enabled network cards allow computers in a network to exchange data (with read and write privileges) in main memory, abusing this to access a host's memory in rapid succession can trigger bit flips in DRAM.

Since triggering a bit flip requires a very large number of memory accesses to specific DRAM locations within a window of milliseconds, a successful Throwhammer attack would require a high-speed network of at least 10Gbps.

In their test setup, the researchers achieved bit flips on a targeted server after accessing its memory 560,000 times in 64 milliseconds by sending packets over LAN to its RDMA-enabled network card.
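The figures above can be turned into a defender-side check. The following is an added example, not code from the original article or from the researchers it cites: a simplified model of a per-row activation counter that flags rows activated at least the 139K times quoted in the abstract within one 64 ms window, and lists the adjacent rows that would need refreshing. The aligned 64 ms window, the function names, and the assumption that consecutive row numbers are physically adjacent are simplifications made for this example, and the trace is constructed.

```python
from collections import Counter

REFRESH_WINDOW_MS = 64     # window from the page's "560,000 times in 64 milliseconds"
FLIP_THRESHOLD = 139_000   # "as few as 139K accesses" in the quoted abstract


def find_aggressor_rows(trace, window_ms=REFRESH_WINDOW_MS, threshold=FLIP_THRESHOLD):
    """Return {row: peak activations in one window} for rows at or over threshold.

    trace is an iterable of (timestamp_ms, row) activation events. Counters
    restart at each window boundary, modelling a refresh that restores charge.
    """
    per_window = Counter()
    for ts, row in trace:
        per_window[(int(ts // window_ms), row)] += 1
    peaks = {}
    for (_, row), count in per_window.items():
        if count >= threshold:
            peaks[row] = max(count, peaks.get(row, 0))
    return peaks


def rows_to_refresh(aggressors, total_rows):
    """Neighbours of each aggressor row: the rows whose cells may be disturbed."""
    victims = set()
    for row in aggressors:
        for neighbour in (row - 1, row + 1):
            if 0 <= neighbour < total_rows and neighbour not in aggressors:
                victims.add(neighbour)
    return sorted(victims)


def constructed_trace():
    """Constructed sample data, not a capture from real hardware."""
    events = []
    # Row 1000: 560,000 activations inside one 64 ms window (the page's test figure).
    events += [(i * 64 / 560_000, 1000) for i in range(560_000)]
    # Row 2000: 200,000 activations spread over 128 ms, i.e. 100,000 per window.
    events += [(i * 128 / 200_000, 2000) for i in range(200_000)]
    # Background traffic: rows 0..99 touched 50 times each.
    events += [(float(i % 64), i % 100) for i in range(5_000)]
    return events


if __name__ == "__main__":
    hot = find_aggressor_rows(constructed_trace())
    print("aggressor rows:", hot)
    print("refresh neighbours:", rows_to_refresh(hot, total_rows=32_768))
```

Row 2000 receives more total activations than the threshold but is not flagged, because no single window contains 139K of them.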

Since Rowhammer exploits a computer hardware weakness, no software fix can completely solve the issue. The researchers believe the Rowhammer threat is not only real but also has the potential to cause real, severe damage.

GLitch: The Android Mobile Phone's Version of the Rowhammer Attack

GLitch is the first remote Rowhammer technique that exploits the graphics processing unit (GPU), which is found in every mobile processor, rather than the CPU that was exploited in all previous theorized versions of the Rowhammer attack.

Unlike the iPhone's permission bug, GLitch allows an attacker to rewrite an Android mobile phone's permissions.

The vulnerability was first reported by VUSec, and according to them almost all Android devices might be affected by GLitch.

Drammer is a new attack that exploits the Rowhammer hardware vulnerability on Android devices. It allows attackers to take control over your mobile device by hiding it in a malicious app that requires no permissions. Practically all devices are possibly vulnerable and must wait for a fix from Google in order to be patched. Drammer has the potential to put millions of users at risk, especially when combined with existing attack vectors like Stagefright.

Drammer uses Rowhammer along with a technique called Flip Feng Shui to manipulate memory locations directly.

Flip Feng Shui, or FFS, is a technique that allows reliable exploitation of hardware flaws like Rowhammer by combining it with a memory massaging primitive (to land sensitive data on a vulnerable location). Drammer is the first to show that such deterministic Rowhammer exploitation is possible without relying on fancy memory management features.

The Affected Processors

Since the ARM processors inside Android smartphones include a type of cache that makes it hard to access targeted rows of memory, the researchers make use of the GPU, whose cache can be more easily controlled, allowing attackers to hammer targeted rows without interference.

At present, GLitch targets smartphones running the Snapdragon 800 and 801 system on a chip, which includes both CPU and GPU.

In a video demonstration, the researchers show their JavaScript-based GLitch attack on a Nexus 5 running Mozilla's Firefox browser to gain read/write privileges, allowing them to execute malicious code over the software.

Patch? Security Measures?

Since Rowhammer exploits a computer hardware weakness, no software fix can completely solve the issue. Researchers say the Rowhammer threat is not only real but also has the potential to cause real, severe damage.

Although there is no way to fully block an Android phone's GPU from tampering with the DRAM, the team has been working with Google on ways to solve the problem.

The technique is named GLitch, with the first two letters capitalized, because it uses a widely used browser-based graphics code library known as WebGL for rendering graphics to trigger a known glitch in DDR3 and DDR4 memory chips.
