Rowhammer is deadlier than thought

Rowhammer is deadlier than thought 1
Rowhammer raises its head again

Rowhammer, an extraordinarily intricate and technically innovative hack which was first proven to affect commercial grade memory chips in 2014 and subsequently fixed, has reared its head again in a new exploit that can bypass the protective measures.

In a research paper published a few days ago, a team of researchers, demonstrated that the Error Correcting Code (ECC), which was believed to be the complete fix to the problem can be bypassed by a new exploit.

The exploit which has been dubbed ECCploit, was developed over a year by the researches at Vrije Universiteit Amsterdam to demonstrate that the best defence against Rowhammer isn’t sufficient.

What is Rowhammer?

Rowhammer is by far one of the most fiendish, and extremely technical exploits ever seen as
it combines both hardware and software hacking in an unfathomable way.

So how does Rowhammer work?

To explain it in layman terms, any memory uses bits of data stored in rows which are independent. So when you store your name, it is converted in bits and then stored in these cells which are adjacent as an electrical charge that denotes either 0 or 1 (bits).

Rowhammer is deadlier than thought 2

Rowhammer uses this principle, whereby it repeatedly executes a program on a row of these memory cells (or transistors). And it literally “hammers” the row this some of the electricity is leaked into the adjacent row.

The issue is that these charges can change either naturally (due to natural discharge), or randomly (due to effects of cosmic rays and other factors).

Now a skilled attacker can use this method to create create specific patterns of data in the memory thus allowing them access to some of the systems resources.

As mentioned earlier, extremely technical and almost unfathomable.

How dangerous is Rowhammer and what next?

It is extremely dangerous because it can be used for various types of attacks. At the minimum, it is a type of data theft exploit, however, it has been used in some privilege escalation exploits as well to gain superuser access in phones and operating systems, including remote hijacking of systems.

The good news is, the ECCploit has only been tested in labs, and required the researches to reverse engineer the ECC method by first using cold-boot attacks (which is basically supercooling a memory so the data inside it doesn’t drain). It also required the researchers to have physical access to the systems to do so.

Video showing a Cold-Boot attack to reverse engineer ECC

The bad news is, it is not that straightforward to mitigate and affects multiple hardware platforms including AMD Opteron and Intel Xeon. 

While there is no indication that this could result in an imminent threat, but the fact remains that ECCploit is a major risk for major public cloud provider security.

ALSO READ Ranked - Tops 5 Launchers for Android - 2018

Leave a Comment