Technology, Top News

Rowhammer-based RAMBleed attack can extract data from memory

Rowhammer-based RAMBleed attack can extract data from memory

An extremely bad artist’s impression of RAMBleed

DATA STORED IN DRAM MODULES can be compromised by a vulnerability called ‘RAMBleed, uncovered by a group of academic researchers.

Boffins from the University of Michigan, Graz University of Technology, the University of Adelaide and Data61 discovered the vulnerability is a side-channel attack that makes use of the Rowhammer exploit and allows secretive things like cryptographic keys to be pilfered from vulnerable DRAM modules.

Rowhammer would bork DRAM by rapidly accessing the physical rows in the vulnerable memory chips to effectively hammer them into causing bits in neighbouring rows to flip their bits from 0 to 1 and vice versa.

But RAMBleed takes this technique and uses it not to ruin data but to extract it from parts of memory that are normally off-limits to intruders.

“Previous research mostly considers Rowhammer as a threat to data integrity, allowing an unprivileged attacker to modify data without accessing it,” the researchers explained.

“With RAMBleed, however, we show that Rowhammer effects also have implications on data confidentiality, allowing an unprivileged attacker to leverage Rowhammer-induced bit flips in order to read the value of neighbouring bits.”

The attack does require that hackers have access to areas of the memory where the exploit code has permission to access, but once that’s in place RAMBleed can extract data from DRAM modules that are protected by error correcting code which would normally spot and stop dodgy bit flipping techniques.

“Remarkably, RAMBleed can break memory confidentiality of ECC memory, even if all bit flips are successfully corrected by the ECC mechanism,” the researchers noted.

The vulnerability, tracked under CVE-2019-0174, isn’t necessarily one you need to worry about too much – it scored a 3.8 out of 10 for in the Common Vulnerability Scoring System, as the majority of DDR4 DRAM modules are resistant to Rowhammer-style attacks and exploiting the vulnerability takes a bit of effort if Ars Technica‘s breakdown is anything to go by.

Nevertheless, to prevent RAMBleed from being a problem later on down the line, security researchers and engineers will still need to find ways to mitigate it.

After all, a bit like the Spectre and Meltdown vulnerabilities, there seems to be scope to find new ways to exploit Rowhammer in fresh hack techniques, even if they remain in the labs of security researchers. µ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend