Tuesday, 10 March 2015

Researchers Develop Attack For Leakage In DRAM Memory

Google researchers have developed an attack for a leak in some DDR3 memory chips so they can get kernel rights on Linux systems or sandboxes can break. " Rowhammer "as the attack is called, is a problem with some DRAM memory chips last year by researchers was discussed.

Memory chips are arranged in a kind of grid pattern of "rows" and "columns". In recent years, memory chips have become increasingly larger capacity, in which the memory cells to be placed closer and closer together. Therefore the costs, but the cell density has negative consequences for the reliability of the memory.

According to researchers, this density can ensure that the cells have an impact on each other. By repeatedly accessing memory rows can corrupt data in adjacent rows. The attack, the researchers takes advantage of Google, which repeatedly accessing a memory array can ensure that bits are in adjacent rows "flipped".

By flipping of these bits, it is ultimately possible to read-write access to get to the entire physical memory, after which it is possible to get kernel rights. A second exploit that developed the Google researchers makes it possible to escape from a sandbox system for the browser.


The presence of the problem, was tested on 29 different laptops, 15 of which were found to be vulnerable. The total number of vulnerable machines worldwide unknown, and the percentage of affected systems that can be patched. However, the researchers argue that the attack can be adapted to other operating systems. The attack is preventable. So memory manufacturers must ensure that if a system refreshes the DRAM memory, a particular row is not changed often without this happening at nearby stores.

According to security expert Robert Graham require end users to worry about just this vulnerability, but it could be a problem with other bugs. It is also a problem for designers of security solutions, hardware and software, says Graham. The researchers suggest in the report that they were not working for ECC memory the attack. This is memory that can correct errors, but according to Graham, this type of memory still susceptible if an attacker can flip multiple bits.

Meanwhile, network giant has Cisco a study set to sensitive products. In addition, researchers at Google have a tool put online which can be tested on the DRAM problem. They warn that while the use of the tool is not without risks, because these systems can crash.

No comments:

Post a Comment