A team of researchers representing several universities has disclosed the details a new type of side-channel attack: Researchers show with RAMBleed that it’s possible to use Rowhammer-style side-channel attacks to read protected memory. RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to alter sensitive data, the new technique exploits the hardware bug to extract sensitive data stored in memory regions that are off-limits to attackers. RAMBleed technique exploits the ever-shrinking dimensions of DRAM chips.
RAMBleed attacks work against devices that use DDR3 and DDR4 memory modules. It does now work older DDR1 and DDR2 seen on old PCss and many embedded systems.RAMBleed side-channel attack works even when DRAM is protected by error-correcting code because unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.
The attack is possible now on some vulnerable Linux systems: Researchers found a way to abuse the Linux buddy allocator to allocate a large block of consecutive physical addresses memory on which they could orchestrate their attack. Researchers designed a new mechanism, which they called “Frame Feng Shui,” for placing victim program pages at a desired location on the physical memory. Researchers developed a new method of arranging data in memory and hammering memory rows to infer what data is located in nearby memory cells, rather than just produce a bit flip from 0 to 1, and vice versa.
The researchers were able to steal 2048-bit RSA crypto key (in this case SSH key but this could have been any crypto key). RAMBleed can potentially read any data stored in memory.
Oracle has released an advisory for RAMBleed and other vendors will likely do the same. Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled. While Rowhammer-induced bit flips have been demonstrated on TRR, it is harder to accomplish in practice. This does not completely block Rowhammer attacks, but it does make them much more difficult – hopefully difficult enough not to be an issue. Oracle does not believe that additional software patches will need to be produced to address the RAMBleed issues.
Is there a CVE number? Yes, see CVE-2019-0174.
Sources:
https://www.zdnet.com/article/
https://cve.mitre.org/cgi-bin/
https://www.securityweek.com/
https://blogs.oracle.com/
https://www.zdnet.com/article/
5 Comments
Tomi Engdahl says:
Paper at
https://rambleed.com/docs/20190603-rambleed-web.pdf
Data can be read few bits per second
Tomi Engdahl says:
https://hackaday.com/2019/06/21/this-week-in-security-sack-of-death-rambleed-hibp-for-sale-and-oracle-weblogic-again/
Tomi Engdahl says:
FPGA cards can be abused for faster and more reliable Rowhammer
attacks
https://www.zdnet.com/article/fpga-cards-can-be-abused-for-faster-and-more-reliable-rowhammer-attacks/
Seeing that FPGA-CPU architectures are becoming more common, a team of
researchers from the Worcester Polytechnic Institute in the US, the
University of Lubeck in Germany, and Intel, have looked into how
Rowhammer attacks impact this new cloud setup.. Furthermore, the
academic team also found that a JackHammer attack is much more
difficult to detect because of the FPGA’s direct access to system
resources leaves no traces on the CPU of the FPGA’s memory access
operations. Since most anti-Rowhammer detection systems are configured
at the CPU level, this opens a new blindspot in CPU and cloud
security.
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Researchers say they used a new Rowhammer exploit to successfully flip bits on all 40 PC-DDR4 DRAM devices they tested, defeating recent hardware mitigations — Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits. — Rowhammer exploits that allow unprivileged attackers …
DDR4 memory protections are broken wide open by new Rowhammer technique
Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits.
https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/
Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.
Rowhammer attacks work by accessing—or hammering—physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things.
All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows—meaning those that cause bitflips in nearby “victim” rows—are accessed the same number of times.
Bypassing all in-DRAM mitigations
Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work from the same researchers.
“We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”
The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to.
Blacksmith
https://comsec.ethz.ch/research/dram/blacksmith/
We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScript, on smartphones, across VMs in the cloud, and even over the network.
Rowhammer is a vulnerability caused by leaking charges in DRAM cells that enables attackers to induce bit flips in DRAM memory. To stop Rowhammer, DRAM implements a mitigation known as Target Row Refresh (TRR). Our previous work showed that the new n-sided patterns can still trigger bit flips on 31% of today’s PC-DDR4 devices. We propose a new highly effective approach for crafting non-uniform and frequency-based Rowhammer access patterns that can bypass TRR from standard PCs. We implement these patterns in our Rowhammer fuzzer named Blacksmith and show that it can bypass TRR on 100% of the PC-DDR4 DRAM devices in our test pool. Further, our work provides new insights on the deployed mitigations.
How bad is it?
For our evaluation, we considered a test pool of 40 DDR4 devices covering the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its capability to find effective patterns. Thereafter, we swept the best pattern (based on the number of total bit flips triggered) over a contiguous memory area of 256 MB and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices of manufacturers A and D.
We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to pivot it to an attacker-controlled page table page, an attack on the RSA-2048 public key that allows recovering the associated private key used to authenticate to an SSH host, and an attack on the password verification logic of the sudoers.so library that enables gaining root privileges.
You can a demo of our Blacksmith fuzzer below, showing how easy and quick it is to find bit flips on TRR-enabled DDR4 devices.
BLACKSMITH: Scalable Rowhammering in the Frequency Domain
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
Tomi Engdahl says:
Blacksmith: Rowhammer Fuzzer Bypasses Existing Protections
https://www.securityweek.com/blacksmith-rowhammer-fuzzer-bypasses-existing-protections
A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips.
The Rowhammer issue, which has been around for roughly one decade, exists because cells on DRAM chips are smaller and closer to each other, making it difficult to prevent electrical interaction between them. Thus, by repeatedly accessing data in a row of memory, data in nearby rows may become corrupted.
To mitigate the flaw, Target Row Refresh (TRR) was introduced in DRAM but a group of researchers managed to bypass the protection using “non-uniform and frequency-based Rowhammer access patterns.”
All Rowhammer access patterns published to date exploit rows uniformly, and TRR exploits this behavior to identify ‘aggressor’ rows and refresh nearby ‘victim’ rows to prevent failure.
However, as smaller technology nodes are used, the underlying DRAM technologies are increasingly vulnerable, resulting in fewer accesses being needed to trigger bit flips in DRAM memory. Thus, non-uniform access patterns can be used to bypass TRR, the researchers said in a paper documenting the work.
The researchers conducted experiments on 40 DDR4 DIMMs (from Samsung, Micron, and SK Hynix) to explore the possibility of bypassing mitigations through “accessing aggressor rows in non-uniform access patterns.”
BLACKSMITH: Scalable Rowhammering in the Frequency Domain
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf