Your operating system may be as up to date as possible, with all
security patches installed. Additional security software may be
running, and no hostile process may be able to do anything
unauthorized. But what do you do if an attacker can physically change
the contents of RAM, giving their own processes administrator
privileges? This highly sophisticated attack technique was presented
this week by researchers from Google's Project Zero, who showed that
repeatedly accessing certain areas of DRAM can actually cause
disturbances that change the contents of memory, and that these can be
used to attack computer systems.

The very concept of manipulating memory contents in this way was
presented last year by researchers from Intel and Carnegie Mellon
University. They exploited the fact that continuing miniaturization
makes individual DRAM cells more susceptible to interference caused by
operations on adjacent cells. Fast, repeated read operations on the
same address can corrupt the contents of other cells, and the vast
majority of memory modules turn out to be prone to this interference,
which goes by the name "Rowhammer". During the experiments, the effect
was observed in 110 of the 129 memory models tested, which came from
the three leading manufacturers of DRAM chips.

It is still a long way from inducing disturbances to taking control of
a system, but Google engineers Mark Seaborn and Thomas Dullien found a
solution. This is probably the first case in which a physical property
of the hardware, a susceptibility that is in a sense analog, has been
used to attack the software layers. In an entry published on the
Project Zero blog they describe how, using Rowhammer, they gained
access to memory areas that they could not touch in any other way.
"Hammering" two neighbouring memory areas, the "aggressors", with
sequences of read operations allowed them to change one or more bits
in the attacked area. The attack was carried out on a 64-bit Linux
machine.

The first exploit was run as a Native Client module in Chrome, that
is, inside a sandbox that is very difficult to break out of, and yet
it managed to obtain kernel privileges. Fortunately, this
vulnerability was removed by blocking the clflush instruction, which
the attack needs, in Native Client in recent versions of Chrome. The
second exploit, which runs as a regular Linux process, will be much
harder to block: it flips bits in page table entries (PTEs), thereby
obtaining full access to all of memory.

Seaborn and Dullien's discovery is collecting nothing but praise:
they really did combine deep technical knowledge with hacker
creativity. Not only did they create a way to escape from a sandbox or
obtain root privileges by flipping a single bit, they also found ways
to increase their chances of hitting that bit, so that the attack
makes sense outside the laboratory as well.

Only the newer types of DDR3 memory are susceptible to this threat;
anyone still working with DDR2, for example, can feel safe. The same
applies to DDR4 memory, whose controllers use techniques that protect
against Rowhammer. Even users of DDR3 memory should not panic: the
chance that typical malware will start to use this technique is rather
small. It requires excellent reconnaissance of the victim system and
works only locally. As the discoverers explain, at least 540 thousand
memory cell access operations have to be carried out in less than 64
milliseconds. Interestingly, ECC (error correction) protection may not
be enough if the attacker manages to change the contents of several
bits at the same time.
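
As an added example (not from the original article or from Project Zero), the Python sketch below triages a host's DIMMs according to the statements above: DDR3 is flagged for review, with a note that ECC may not be enough. It parses a constructed sample of `dmidecode --type memory` output; the function names and verdict strings are illustrative assumptions.

```python
import re

# Constructed sample of `dmidecode --type memory` output (not from a real host).
SAMPLE = """\
Handle 0x0040, DMI type 16, 23 bytes
Physical Memory Array
    Error Correction Type: None

Handle 0x0041, DMI type 17, 34 bytes
Memory Device
    Size: 8192 MB
    Locator: DIMM_A1
    Type: DDR3

Handle 0x0042, DMI type 17, 34 bytes
Memory Device
    Size: No Module Installed
    Locator: DIMM_A2
    Type: Unknown
"""

def parse_records(text):
    """Split dmidecode output into (title, {field: value}) records."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) < 2 or not lines[0].startswith("Handle"):
            continue  # version banner or other non-record text
        fields = dict(l.split(": ", 1) for l in lines[2:] if ": " in l)
        records.append((lines[1], fields))
    return records

def triage(text):
    """Classify populated DIMMs using the article's DDR2/DDR3/DDR4 statements."""
    records = parse_records(text)
    # ECC is reported once per memory array, not per DIMM.
    ecc = any(f.get("Error Correction Type", "None") not in ("None", "Unknown")
              for title, f in records if title == "Physical Memory Array")
    ddr3 = "review: DDR3, " + ("ECC present but may not suffice" if ecc else "no ECC")
    verdicts = {"DDR3": ddr3, "DDR2": "not flagged by the article",
                "DDR4": "not flagged by the article"}
    report = []
    for title, f in records:
        if title != "Memory Device" or f.get("Size", "").startswith("No Module"):
            continue  # skip non-DIMM records and empty slots
        kind = f.get("Type", "Unknown")
        report.append((f.get("Locator", "?"), kind,
                       verdicts.get(kind, "unknown type, check manually")))
    return report
```

Call `triage()` on the text printed by `dmidecode --type memory` (run as root) to get one `(locator, type, verdict)` tuple per populated slot.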

It is nevertheless a very interesting line of research for the whole
security industry, white hats and black hats alike. A few years ago it
made it possible to find a way to extract the cryptographic keys of
virtual servers running on the same physical host. Low-level
monitoring of the behaviour of shared architecture components made it
possible to bypass the logical isolation of virtual machines. In the
case of the attack on DRAM we descend even lower, to the very
electrical properties of the hardware, and there is no way to protect
against such an attack in software. Experts expect that this will not
be the last technique of this kind, in which a weakness of the
hardware is turned against the software.