The hackers in Google’s Project Zero team have unveiled a serious security vulnerability lurking in DRAM devices, including a bug that the hardware industry may have presented as a mere reliability issue.
Called the ‘rowhammer exploit’, and first highlighted in a research paper by Intel Labs and Carnegie Mellon University, the problem stems from the way particular DRAM – primarily that found in x86-based notebooks – behaves: repeatedly hammering a given memory row can cause bits in other memory rows to spontaneously flip.
“We don’t know for sure how many machines are vulnerable to this attack, or how many existing vulnerable machines are fixable,” said the researchers. “Our exploit uses the x86 CLFLUSH instruction to generate many accesses to the underlying DRAM, but other techniques might work on non-x86 systems too.”
The study, presented last year, showed that this memory corruption can be provoked by repeatedly accessing a given memory row within a short span of time: enough charge leaks from the hammered row to flip a bit in an adjacent row, changing its value from 1 to 0 or vice versa.
Researchers at Google demonstrated a way to make use of the effect by targeting particular memory rows that, when flipped, allow code to gain higher privileges. As a result, an attacker could use the outcome to run malicious code on a PC with administrator privileges.
The two exploits ran on a laptop with Linux, an x86-64 processor and DDR3 memory, but Google stated that a variety of platforms could be vulnerable. The memory used in some lower-end desktops and laptops is particularly exposed because it lacks the error-correcting capability found in high-end servers and desktops.
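To show concretely what the error-correcting capability mentioned above buys a defender, here is an added example (not code from the article, from Google, or from the original researchers) of a SECDED Hamming code in the 72-bit layout (64 data bits plus 8 check bits) that common ECC DIMMs use. A single flipped bit, the effect the study describes, is repaired on read; two flipped bits in the same word are reported as uncorrectable rather than silently served as valid data. The function names, the sample word and the flip positions are constructed for illustration.

```python
# Added example (not from the original article): a small SECDED Hamming code,
# the scheme behind 72-bit ECC DIMMs, showing why error-correcting memory
# blunts a rowhammer-style single-bit flip (repaired) and still catches a
# double flip (flagged uncorrectable) instead of silently serving bad data.
from typing import List, Tuple

DATA_BITS = 64                       # one 64-bit memory word
CHECK_BITS = 7                       # Hamming check bits: 2**7 >= 64 + 7 + 1
CODE_BITS = DATA_BITS + CHECK_BITS   # Hamming positions 1..71
# Position 0 carries an overall parity bit, giving the familiar 72-bit codeword.


def _is_data_position(pos: int) -> bool:
    """Positions that are powers of two hold check bits; all others hold data."""
    return pos & (pos - 1) != 0


def _check_parity(code: List[int], check_index: int) -> int:
    """Even parity over every position whose binary index has bit check_index set."""
    mask = 1 << check_index
    parity = 0
    for pos in range(1, CODE_BITS + 1):
        if pos & mask:
            parity ^= code[pos]
    return parity


def encode(data: int) -> int:
    """Encode a 64-bit word into a 72-bit SECDED codeword (returned as an int)."""
    if not 0 <= data < (1 << DATA_BITS):
        raise ValueError("data must fit in 64 bits")
    code = [0] * (CODE_BITS + 1)
    d = 0
    for pos in range(1, CODE_BITS + 1):
        if _is_data_position(pos):
            code[pos] = (data >> d) & 1
            d += 1
    # Each check bit is computed with itself still zero, so it lands on even parity.
    for i in range(CHECK_BITS):
        code[1 << i] = _check_parity(code, i)
    code[0] = sum(code[1:]) & 1       # overall parity over positions 1..71
    return sum(bit << pos for pos, bit in enumerate(code))


def decode(codeword: int) -> Tuple[str, int]:
    """Check and, if possible, repair a codeword.

    Returns (status, data) with status one of:
      'ok'            no error detected
      'corrected'     exactly one bit was flipped and has been repaired
      'uncorrectable' two bits were flipped; the data is unreliable
    Three or more flips can alias to a single-bit pattern; SECDED promises
    nothing beyond double-error detection.
    """
    code = [(codeword >> pos) & 1 for pos in range(CODE_BITS + 1)]
    syndrome = 0
    for i in range(CHECK_BITS):
        if _check_parity(code, i):
            syndrome |= 1 << i        # the syndrome spells out the flipped position
    overall_odd = sum(code) & 1       # 1 when an odd number of bits flipped
    if syndrome == 0 and not overall_odd:
        status = "ok"
    elif overall_odd:
        code[syndrome] ^= 1           # syndrome 0 with odd parity means bit 0 itself
        status = "corrected"
    else:
        status = "uncorrectable"      # even flip count with a nonzero syndrome
    data = 0
    d = 0
    for pos in range(1, CODE_BITS + 1):
        if _is_data_position(pos):
            data |= code[pos] << d
            d += 1
    return status, data


def flip_bits(codeword: int, positions: List[int]) -> int:
    """Simulate bit flips at the given codeword positions (0..71)."""
    for pos in positions:
        codeword ^= 1 << pos
    return codeword


def demo() -> List[Tuple[str, bool]]:
    """Run one word through 0, 1 and 2 constructed flips; returns (status, data intact)."""
    word = 0x0123456789ABCDEF          # constructed sample value
    cw = encode(word)
    results = []
    for flips in ([], [5], [8], [0], [5, 40]):
        status, data = decode(flip_bits(cw, flips))
        results.append((status, data == word))
    return results


if __name__ == "__main__":
    for status, intact in demo():
        print(f"{status:14s} data intact: {intact}")
```

The design point is the split between the Hamming syndrome and the overall parity bit: the syndrome locates a single flip, and the extra parity bit tells the decoder whether the flip count was odd (repairable) or even (report, do not guess). Non-ECC memory, the kind the article says lower-end machines ship with, has neither signal, so a flipped bit is simply read back as data.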
One of the exploits, developed by the company’s engineers Thomas Dullien and Mark Seaborn, operated as a module in the Chrome browser using a feature known as Native Client, which lets the browser run native code in a sandboxed environment; the exploit allowed the code to escape the limits of the sandbox. Google stated that it modified the Native Client feature to disallow the instruction the exploit relied on.
The second exploit, running as a Linux process, gained access to the physical memory of the system. Google stated that this kind of exploit would be harder for companies to protect against. The exploits work by accessing particular memory rows more than 540,000 times within 64 milliseconds. The company stated that the intent of the research was to make the computer hardware industry more aware of security vulnerabilities and to improve its responsiveness in providing remedies for them.
Researchers at Project Zero are asking CPU makers, DRAM manufacturers and BIOS creators to publish more details about the steps they have taken to mitigate bugs like rowhammer on their devices. Not only would this help screen out false negatives, it might also give OS and software makers a route to tighten their security against such exploits.