Researchers in the Netherlands have confirmed that error-correcting code (ECC) protections can be thwarted to perform Rowhammer memory manipulation attacks.
The Vrije Universiteit Amsterdam crew of Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, and Herbert Bos today said they have developed a viable method to precisely alter bits in server RAM chips without triggering ECC's correction mechanism. This gives them the ability to tamper with data, inject malicious code and commands, and change access permissions so that passwords, keys, and other secrets can be lifted.
The findings are significant because while ECC was once considered a reliable method for thwarting Rowhammer-style attacks, it was thought to be theoretically possible to bypass the defense mechanism. Now an attack has been demonstrated.
The upshot is that a baddie who can leverage the team's technique on servers to sidestep ECC, could extract information from these high-value targets using Rowhammer. Said miscreant would have to first get into a position where they can flip bits on the vulnerable machines, likely using malware already on the device.
The magic number
The VU Amsterdam team confirmed that the way ECC checks for errors suffers from an exploitable loophole: when one bit was changed, the ECC system would correct the error. When two were found, ECC would crash the program.
But if three bits could be changed simultaneously, ECC would not catch the modification. This much people have known about, though the key thing here is that it can be shown to allow Rowhammer attacks through.
Crucially, the researchers found something akin to a race condition that would let them check that a RAM address could be usefully manipulated by the triple-flip technique.
"Simply put: it will typically take measurably longer to read from a memory location where a bitflips needs to be corrected, than it takes to read from an address where no correction was needed," the team explained.
"Thus, we can try each bit in turn, until we find a word in which we could flip three bits that are vulnerable. The final step is then to make all three bits in the two locations different and hammer one final time, to flip all three bits in one go: mission accomplished."
The researchers said they were able to test and recreate the vulnerability on four different server systems: three running Intel chips and one using AMD. They declined to single out any specific memory brands.
Fortunately, while the attack would be extremely difficult to prevent, it also looks to be very difficult to actually pull off in the wild. Between combing through the various addresses to find vulnerable lines and then actually carrying out the Rowhammer attacks, the VU Amsterdam team said a successful attack in a noisy system can take as long as a week.
The boffins said that their findings should not be taken as a condemnation of ECC either. Rather, it should show admins and security professionals that ECC is just one of several protection layers they should use in combination with things like optimised hardware configurations and careful logging and monitoring.
"ECC cannot stop Rowhammer attacks for all hardware combinations. If the number of bit flips is sufficiently high, ECC will only slow down the attack."
A paper describing the technique, Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks, will be presented next year at the Symposium on Security and Privacy. The above link to their work should be valid within the next couple of days. ®