Unpatchable PC hardware exploit

The Rocketry Forum


Winston

I wonder if there's any mention of this in any of Snowden's released NSA files. You'd think there definitely would be if it was actually a useful exploit:

Lo, Rowhammer!
Security researchers just revealed a computer vulnerability that’s frightening, amazing, and unlike anything else
28 Jul 2015

https://www.slate.com/articles/tech..._new_security_attack_is_truly_terrifying.html

Security fixes, from Chrome patches to Windows hotfixes, hold the walls in place. But what if you had a security hole you couldn’t patch?

Rowhammer.js, a new security attack revealed in a paper by security researchers Daniel Gruss, Clémentine Maurice, and Stefan Mangard, brings a truly new wrinkle to our understanding of computer vulnerabilities. “But I keep my system patched and up to date!” you might say. Rowhammer is here to tell you that’s not enough. Though the tech industry has known about the bug that Rowhammer exploits for several years, it was only this March that researchers at Google’s Project Zero revealed how it could be used by attackers.

Why is Rowhammer so scary? Because it doesn’t afflict your software but finds a weakness in your hardware, a physical problem with how current memory chips are constructed. So it doesn’t matter whether you’re using Linux, Windows, or iOS: If an Intel chip (or an AMD one, or possibly others) is inside, so is Rowhammer. Incredibly, Gruss, Maurice, and Mangard’s paper reveals how to exploit it from a simple webpage.

Chipmakers have known about Rowhammer since at least 2012. The problem affects Intel processors going back as far as 2009. Describing a remote Javascript attack using Rowhammer, Gruss, Maurice, and Mangard’s paper is a wake-up call. Previously, taking advantage of Rowhammer required local program execution on a computer—in other words, the computer already needed to be partly compromised. But now, any webpage can potentially exploit Rowhammer to arbitrarily access your data, perhaps even by gaining full control over the computer. And again, it doesn’t matter what operating system you’re using, since the problem is in the physical circuits of your memory chips. As the security researchers explain, it is “the first remote software-induced hardware-fault attack.”

There is some good news: Rowhammer is difficult to control. While it’s comparatively easy to use Rowhammer to flip unauthorized bits, it’s considerably harder to flip the right bits in order to take control of a computer. It’s been done, but only locally so far; the Rowhammer.js paper doesn’t provide a full exploit to take control of a computer. Rowhammer.js’s bitflips could crash your computer or give a hacker a peek at unauthorized data, but full remote access might prove more of a challenge. Consequently, as Gruss told me, the likelihood of being attacked via Rowhammer right now is low; there are easier avenues of attack currently available. The paper’s attack would work best, Gruss said, if you “attacked thousands of machines and succeeded on a few of them.” This doesn’t rule out the possibility of more advanced exploits, however. The significance is not in the ease of the vulnerability, but in its pervasiveness and the difficulty of fixing it—as well as the conceptual scariness of random webpages making your physical hardware malfunction.
 