Side-channel attacks are some of the scariest exploits ever. They don't usually exploit vulnerabilities in code, they exploit the fundamental implementation of computer systems themselves. Therefore, they're often hardware-based.
Dynamic random-access memory, or DRAM for short, is one of the most common types of memory found in modern computers used by both consumers and businesses. For example, the memory in an x86-64 based PC, such as one based on an Intel Core i7 CPU, is typically DRAM. The same goes for the memory in popular devices like video game consoles. DRAM is frequently used in the computers we see every day because it can be made to be high-capacity for limited cost.
There’s one major physical problem with DRAM, and that’s the rowhammer vulnerability. Because of how DRAM (DDR) works, its individual memory cells can leak their charges and interact electrically between themselves.
Applications and specific operating system processes are authorized to access only certain parts of your computer’s memory. For example, my web browser is supposed to access some memory addresses, and the part of my operating system that executes new applications is supposed to access other memory addresses. Think of four poker players sitting at a table, and each player is only allowed to see what’s in their own hand. But if one of the poker players falls off of their chair and towards the table, they can also knock over one of their neighboring players and see which cards are in their hand. Very clever!
Dan Goodin did an excellent job of explaining rowhammer attacks a few years ago:
“DDR memory is laid out in an array of rows and columns, which are assigned in large blocks to various applications and operating system resources. To protect the integrity and security of the entire system, each large chunk of memory is contained in a ‘sandbox’ that can be accessed only by a given app or OS process. Bit flipping works when a hacker-developed app or process accesses two carefully selected rows of memory hundreds of thousands of times in a tiny fraction of a second. By hammering the two ‘aggressor’ memory regions, the exploit can reverse one or more bits in a third ‘victim’ location. In other words, selected zeros in the victim region will turn into ones or vice versa.
The ability to alter the contents of forbidden memory regions has far-reaching consequences. It can allow a user or application who has extremely limited system privileges to gain unfettered administrative control. From there, a hacker may be able to execute malicious code or hijack the operations of other users or software programs. Such elevation-of-privilege hacks are especially potent on servers available in data centers that are available to multiple customers.”
Diving Into the Rowhammer Exploit
The latest rowhammer exploit is giving IT and security professionals cause for concern. The RAMBleed exploit (PDF) was discovered by Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss from the Graz University of Technology, and Yuval Yarom from the University of Adelaide. They wrote about RAMBleed’s implications for rowhammer exploits in general:
“The Rowhammer bug is a reliability issue in DRAM cells that can enable an unprivileged adversary to flip the values of bits in neighboring rows on the memory module. Previous work has exploited this for various types of fault attacks across security boundaries, where the attacker flips inaccessible bits, often resulting in privilege escalation. It is widely assumed however, that bit flips within the adversary's own private memory have no security implications, as the attacker can already modify its private memory via regular write operations.
We demonstrate that this assumption is incorrect, by employing Rowhammer as a read side channel. More specifically, we show how an unprivileged attacker can exploit the data dependence between Rowhammer induced bit flips and the bits in nearby rows to deduce these bits, including values belonging to other processes and the kernel. Thus, the primary contribution of this work is to show that Rowhammer is a threat to not only integrity, but to confidentiality as well."
This exploit threatens the safety of DRAM data used by applications and our operating systems. Malware can be developed to run in RAM to acquire unauthorized data in nearby memory cells. It's a pretty severe privilege escalation vulnerability too. Applications and individual user and machine accounts within a computer system are only granted certain access privileges, but an unprivileged memory process could acquire privileges related to activity in nearby memory cells which haven’t been properly granted.
For example, on my Xubuntu Linux PC, the majority of my applications and activities don’t require my root account. I don’t have to enter my administrative password to use my web browser or LibreOffice Writer, two of my most frequent activities. I do have to use sudo to with my root (administrative) password to do things like make major changes to my operating system or install new applications. If a cyber attacker manages to run their malware in my RAM, they can’t do much harm unless they get my root privileges through other processes running in memory that have them. If they manage to do so, they could have total control over my PC. This is especially scary considering how fileless malware (malware that only runs in memory, no traces in data storage) is becoming increasingly common these days.
Practical Risks of RAMBleed
The researchers used OpenSSH to demonstrate RAMBleed works. They said that there isn't anything particularly vulnerable about OpenSSH in and of itself, they just happened to choose that application for demonstration purposes.
“To demonstrate the practical risk that RAMBleed poses to memory confidentiality, in this section we present an end-to-end attack against OpenSSH 7.9 (allowing) an unprivileged attacker to extract the server's 2048-bit RSA private signing key. This key is what allows an SSH server to authenticate itself to incoming connections.
As such, a break of this key enables the attacker to masquerade as the server, thereby allowing her to conduct man-in-the-middle (MITM) attacks and decrypt all traffic from the compromised sessions. At a high level, our attack operates by coercing the server's SSH daemon to repeatedly allocate and place its private key material at vulnerable physical locations. We then use double-sided RAMBleed to recover a portion of the bits that make up the server's RSA key. Finally, we utilize the mathematical redundancy in RSA keys to correct for errors in extracted bits, as well as recover missing bits that we were unable to read directly.”
So which kinds of computer systems are susceptible to RAMBleed? The researchers say:
“RAMBleed relies on Rowhammer-induced bit flips to read privileged memory. As such, any system that uses Rowhammer-susceptible DIMMs is vulnerable. Previous research has demonstrated bit flips on both DDR3 and DDR4 with TRR (targeted row refresh) enabled.
While we demonstrated our attack on a desktop machine and an ECC enabled server machine, Rowhammer attacks have been demonstrated against both mobile devices and laptops. As such, we suspect that many classes of computers are susceptible to RAMBleed.”
Fortunately, computer systems can be security hardened against RAMBleed attacks. Wherever possible in whichever motherboards you use, upgrade your memory to DDR4 with targeted row refresh (TRR) enabled.
If your motherboards don't support that kind of memory, you may want to consider replacing the motherboards and CPUs that use altogether. Memory manufacturers need to test for faulty DIMMs (DRAM devices, the ones we pop into the RAM slots of motherboards), and publicly document vendor specific TRR implementations so that all memory manufacturers can make more secure DIMMs based on what they learn from each other.
Whew! I’m just an individual with a home office, and I’ll be replacing my work PC soon. I will make sure that my new PC supports DDR4 with TRR.
Thanks, researchers!