Google's Project Zero team has found a new vulnerability in some recent DDR3 DRAM modules installed in laptops that might compromise the security of the system.
Project Zero has made headlines over the past few months because of some "aggressive" moves made against Microsoft. It is a team of veteran hackers who work to track down bugs and vulnerabilities and to get them fixed by the parties responsible. The Google division has discovered a new vulnerability hidden inside DDR3 DRAM modules, and is inviting manufacturers, who have been aware of the phenomenon for years, to provide information on how to mitigate what is called the "rowhammer" problem.
It is an issue that had been brought to the attention of Intel and researchers at Carnegie Mellon last year, in a paper titled "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors." The researchers showed that, with the increasing miniaturization of DRAM modules, it is becoming increasingly difficult to isolate the memory at one address so as to prevent data corruption at another.
With a technique called rowhammering it is possible to produce "coupling" effects between neighboring cells, causing a "bit flip", i.e. a change in the value of a single cell from 1 to 0 or vice versa. Memory module manufacturers have always maintained that it was essentially impossible to use this practice for targeted attacks on a specific machine, but the findings brought to light by Mark Seaborn and Thomas Dullien of Project Zero show that this is not the case.
The two have explained in detail two proof-of-concept attacks that leverage rowhammering on DRAM modules. With the methods described it is possible to obtain root privileges on Linux x86-64 machines, but because this is a hardware flaw it could be exploited regardless of the operating system. The modules vulnerable to rowhammering are some of the DDR3 DRAM modules from three of the largest manufacturers, which were not named. Of the 29 computers analyzed by Google, 15 laptops proved vulnerable and no desktops.
The attacks developed by Project Zero produced negative results on machines with ECC (Error-Correcting Code) memory modules, while the more recent LPDDR4 modules should be immune thanks to the Targeted Row Refresh and Maximum Active Count features, designed precisely to mitigate the effects of rowhammering.
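To make the mitigation idea concrete, here is an added example (not code from Project Zero or from any memory vendor) that models row disturbance and an activation-count limit with a targeted refresh of neighboring rows, in the spirit of the LPDDR4 features mentioned above. The thresholds, row numbers and activation traces are all constructed for illustration, and the model is a deliberate simplification of real DRAM behavior.

```python
from collections import Counter

# All three constants are constructed for illustration, not taken from any datasheet.
FLIP_THRESHOLD = 1000   # neighbour activations a row tolerates between refreshes
MAC = 400               # activations of one row allowed before its neighbours are refreshed
REFRESH_WINDOW = 8000   # activations between two regular refreshes of every row


def make_trace(hot_row, hot_every, length):
    """Constructed activation trace: every hot_every-th activation hits hot_row,
    the rest are spread evenly over rows 200..263."""
    return [hot_row if i % hot_every == 0 else 200 + (i // hot_every) % 64
            for i in range(length)]


def simulate(trace, mitigate):
    """Return the rows whose accumulated disturbance reached FLIP_THRESHOLD."""
    disturbance = Counter()   # per row, since that row was last refreshed
    activations = Counter()   # per row, since its neighbours were last refreshed
    at_risk = set()
    for i, row in enumerate(trace):
        if i and i % REFRESH_WINDOW == 0:       # regular refresh restores every row
            disturbance.clear()
            activations.clear()
        activations[row] += 1
        for victim in (row - 1, row + 1):       # coupling reaches the adjacent rows
            disturbance[victim] += 1
            if disturbance[victim] >= FLIP_THRESHOLD:
                at_risk.add(victim)
        if mitigate and activations[row] >= MAC:
            disturbance[row - 1] = disturbance[row + 1] = 0   # targeted refresh
            activations[row] = 0
    return at_risk


if __name__ == "__main__":
    fast = make_trace(10, 2, 6000)     # row 10 takes half of all activations
    slow = make_trace(10, 10, 16000)   # same row, spread over two refresh windows
    print("fast, no mitigation:", sorted(simulate(fast, False)))
    print("fast, count limit + targeted refresh:", sorted(simulate(fast, True)))
    print("slow, no mitigation:", sorted(simulate(slow, False)))
```

In this model only the fast trace without mitigation puts rows 9 and 11 at risk: the count limit refreshes them before the threshold is reached, and in the slow trace the regular refresh does the same.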
At the moment it is still very difficult to quantify the extent of the phenomenon, which is potentially huge and should mainly affect consumer laptops.