Rowhammer exploits that allow unprivileged attackers to modify or corrupt data stored in vulnerable memory chips are now possible on virtually any DDR4 module, thanks to a new approach that neutralizes the defenses chipmakers have added to make their products more resistant to such attacks.
Rowhammer attacks work by accessing, or hammering, physical rows inside vulnerable chips millions of times per second in a way that flips bits in neighboring rows, meaning 1s become 0s and vice versa. Researchers have shown that the attacks can be used to give untrusted applications nearly unlimited system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among others.
All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, the “aggressor” rows, that is, the rows that cause bit flips in neighboring “victim” rows, are accessed the same number of times.
Bypass all mitigations in DRAM
Research published Monday introduced a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 randomly selected DIMMs in a test pool experienced bit flips, compared with 13 of 42 chips tested in previous work by the same researchers.
“We have found that by creating special memory access models, we can bypass any mitigations deployed in DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases to 80% the number of devices that can potentially be hacked with known attacks, according to our analysis. These issues cannot be corrected due to their hardware nature and will stay with us for many years to come.”
Non-uniform patterns defeat Target Row Refresh. TRR, as the mitigation is known, is implemented differently from vendor to vendor, but it typically tracks the number of row accesses and refreshes neighboring victim rows when there are signs of abuse. Bypassing this defense puts additional pressure on chipmakers to mitigate a class of attacks that many people believed the newer memory chips to be resistant to.
In Monday’s article, the researchers wrote:
The proprietary and undocumented in-DRAM TRR is currently the only mitigation that comes between Rowhammer and attackers who exploit it in various scenarios such as browsers, cellphones, the cloud and even over the network. In this article, we show how deviations from known uniform Rowhammer access patterns allow attackers to flip bits over the recently acquired 40 DDR4 DIMMs – 2.6 times more than the state of the art. The effectiveness of these new, non-uniform models in circumventing TRR highlights the need for a more principled approach to dealing with Rowhammer.
The effects of Rowhammer’s previous demonstrations have been severe. In one case, researchers were able to gain unrestricted access to all physical memory by flipping bits in the page table entry, which maps the locations of memory addresses. The same research also demonstrated how untrusted applications could gain root privileges. In another case, the researchers used Rowhammer to extract a 2048-bit encryption key from memory.
Razavi and Jattke said one of their students was able to use the new approach to replicate the crypto-key attack, and the simulations suggest the other attacks are possible as well. The researchers did not fully implement the previous attacks due to the significant amounts of engineering required.
The researchers implemented the non-uniform access patterns using a custom “fuzzer,” which is software that detects bugs by automatically injecting malformed data in a semi-random fashion into a piece of hardware or software. The researchers then pointed Blacksmith, the name they gave the fuzzer, at a wide variety of DDR4 modules that together make up about 94% of the DRAM market.
For our assessment, we considered a test pool of 40 DDR4 devices spanning the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its ability to find effective models. Subsequently, we swept the best model (based on the total number of triggered bit flips) over a contiguous 256MB memory area and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is capable of triggering bit toggles on all 40 DRAM devices with a large number of bit toggles, especially on [two unnamed manufacturers].
We also assessed the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to point it to a page table controlled by an attacker, an attack on an RSA-2048 public key which allows recovering the associated private key used to authenticate with an SSH host, and an attack on the password verification logic of the sudoers.so library which allows you to obtain root privileges.
Representatives for Micron, Samsung and Hynix did not respond to emails seeking comment on this post.
Gradually gaining speed
PCs, laptops and mobile phones are the most affected by the new findings. Cloud services like AWS and Azure remain largely immune to Rowhammer because they use high-end chips that include a defense called ECC, short for Error Correcting Code. The protection works by using so-called memory words to store redundant check bits alongside the data bits inside the DIMMs. Processors use these words to quickly detect and repair flipped bits.
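The “memory words” the paragraph describes are, in practice, a Hamming SECDED (single-error-correct, double-error-detect) code: 64 data bits are stored with 7 Hamming parity bits and one overall parity bit, the 72-bit word found on ECC DIMMs. The following is an added Python example, not code from this article or from the Blacksmith researchers, that implements such a code and shows both its strength (one flipped bit is repaired) and its limit (two flipped bits in the same word are flagged but cannot be fixed). The function names, the 64-bit width and the sample data value are this example's own choices.

```python
# Added example (not from the article or the Blacksmith paper): a Hamming SECDED
# code, the scheme behind the check bits that ECC DIMMs store. 64 data bits get
# 7 Hamming parity bits plus one overall parity bit, giving the 72-bit word
# that ECC modules actually hold. Bit widths, function names and the sample
# data value below are constructed for this example.
from typing import Dict, List, Tuple


def parity_bits_needed(k: int) -> int:
    """Smallest r with 2**r >= k + r + 1 (Hamming bound); 7 for k = 64."""
    r = 0
    while (1 << r) < k + r + 1:
        r += 1
    return r


def encode(data: int, k: int = 64) -> List[int]:
    """Return codeword bits: Hamming positions 1..n at list index pos-1, then
    one overall parity bit. Parity bits occupy the power-of-two positions."""
    r = parity_bits_needed(k)
    n = k + r
    code = [0] * (n + 1)  # index 0 unused so that list index == Hamming position
    d = 0
    for pos in range(1, n + 1):
        if pos & (pos - 1) == 0:  # power of two: reserved for a parity bit
            continue
        code[pos] = (data >> d) & 1
        d += 1
    for i in range(r):
        p = 1 << i
        # parity bit p covers every position whose binary form has bit i set
        for pos in range(1, n + 1):
            if pos & p and pos != p:
                code[p] ^= code[pos]
    overall = 0
    for bit in code[1:]:
        overall ^= bit
    return code[1:] + [overall]


def decode(codeword: List[int], k: int = 64) -> Tuple[str, int]:
    """Return (status, data). status is 'clean', 'corrected' (one flipped bit
    repaired) or 'uncorrectable' (two flipped bits detected; data unreliable)."""
    r = parity_bits_needed(k)
    n = k + r
    code = [0] + list(codeword[:n])
    stored_overall = codeword[n]
    # The syndrome is the OR of the parity groups that fail their check;
    # for a single flip it equals the flipped position.
    syndrome = 0
    for i in range(r):
        p = 1 << i
        x = 0
        for pos in range(1, n + 1):
            if pos & p:
                x ^= code[pos]
        if x:
            syndrome |= p
    overall = 0
    for bit in code[1:]:
        overall ^= bit
    overall_mismatch = overall != stored_overall
    if syndrome == 0 and not overall_mismatch:
        status = "clean"
    elif overall_mismatch:
        # odd number of flips: treat as one and repair it (syndrome 0 means
        # the overall parity bit itself flipped, data bits untouched)
        if 0 < syndrome <= n:
            code[syndrome] ^= 1
        status = "corrected"
    else:
        # syndrome set but overall parity agrees: an even number of flips,
        # which SECDED can flag but not fix
        status = "uncorrectable"
    data = 0
    d = 0
    for pos in range(1, n + 1):
        if pos & (pos - 1) == 0:
            continue
        data |= code[pos] << d
        d += 1
    return status, data


def flip(codeword: List[int], *indices: int) -> List[int]:
    """Return a copy with the given list indices flipped (a constructed fault)."""
    out = list(codeword)
    for i in indices:
        out[i] ^= 1
    return out


def demo(data: int = 0xDEADBEEFCAFEBABE) -> Dict[str, Tuple[str, bool]]:
    """Constructed sample: exercise zero, one and two flipped bits per word."""
    cw = encode(data)
    cases = {
        "no flip": cw,
        "one data bit flipped": flip(cw, 10),
        "parity bit flipped": flip(cw, 0),          # index 0 is Hamming position 1
        "overall parity flipped": flip(cw, len(cw) - 1),
        "two bits flipped": flip(cw, 10, 40),
    }
    results = {}
    for name, word in cases.items():
        status, recovered = decode(word)
        results[name] = (status, recovered == data)
    return results


if __name__ == "__main__":
    for name, (status, intact) in demo().items():
        print(f"{name:24s} -> {status:14s} data intact: {intact}")
```

The last case is the one that matters for Rowhammer: a single flip per 64-bit word is silently repaired, but two flips landing in the same word are only detected, and three or more can slip through or be “corrected” into the wrong value, which is why ECC raises the bar rather than closing the door.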
ECC was originally designed to protect against a natural phenomenon in which cosmic rays flip bits in DIMMs. After Rowhammer appeared, the importance of ECC grew when it proved to be the most effective defense. But research published in 2018 showed that, contrary to what many experts believed, ECC can also be bypassed after reverse-engineering the mitigation in DDR3 DIMMs.
“DDR4 systems with ECC will likely be more usable after reverse engineering the ECC functions,” said researchers Razavi and Jattke.
Besides Razavi and Jattke from ETH Zurich, the team behind the research also includes Victor van der Veen from Qualcomm, Pietro Frigo from VU Amsterdam and Stijn Gunter. The title of their article is BLACKSMITH: Evolutionary Rowhammer in Frequency Domain.
The researchers also cited their earlier research on TRR, mentioned above, and the results here, which show that running chips in double-refresh mode is a “weak solution that does not offer complete protection” against Rowhammer. The researchers also said that a doubled refresh rate increases performance overhead and power consumption.
The picture that emerges from this latest research is that Rowhammer still doesn’t pose a real threat in the real world, but the incremental advancements in attacks over the years may one day change that.
“In conclusion, our work confirms that the claims made by DRAM vendors about Rowhammer protections are false and lure you into a false sense of security,” the researchers wrote. “All currently deployed mitigation measures are insufficient to provide complete protection against Rowhammer. Our new models show that attackers can exploit systems more easily than previously assumed.”