Bit boffins from Australia, Austria, and the US have expanded upon the Rowhammer memory attack technique to create a more dangerous variation called RAMBleed that can expose confidential system memory.
The memory integrity issue tied to Rowhammer was known to Intel since at least 2012 and began to be explored in academic research in 2014. The following year, Google Project Zero researchers developed an exploit technique to gain kernel privileges by repeatedly writing to memory locations in order to change adjacent memory cells – a consequence of the electrical interaction between close-packed DRAM circuitry.
In a paper released online on Tuesday – with the now obligatory vulnerability illustration and dedicated domain, rambleed.com – Andrew Kwong (University of Michigan), Daniel Genkin (University of Michigan), Daniel Gruss (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61) describe a way to use the Rowhammer technique as a side channel to read data that should be off limits rather than write it.
It demonstrates it is possible for malware or a rogue user on a system to hammer bits in RAM to read information in memory belonging to other programs and users, and thus siphon off secrets in the process. This is not particularly brilliant for multi-tenant boxes in public clouds. The research is scheduled to be presented in May 2020 at the 41st IEEE Symposium on Security and Privacy.
"As opposed to previous Rowhammer attacks, which wrote to sensitive data, RAMBleed instead reads sensitive data, thereby breaching confidentiality," said Kwong, a doctoral student, in an email to The Register.
The boffins in their paper observe that Rowhammer has been assumed to be relatively benign because there aren't really any security implications to flipping bits within one's own private memory where one already has write privileges. But they say their findings show that assumption is incorrect, and note that one of the mitigations proposed for Rowhammer – using error-correcting code (ECC) memory as a means of ensuring memory integrity – fails to block RAMBleed.
"After profiling the target’s memory, we show how RAMBleed can leak secrets stored within the target’s physical memory, achieving a read speed of about 3–4 bits per second," the paper said.
Kwong said that while the attack was conducted with local code execution, its scope remains an open question. "Given the sophistication of the attack, I might characterize RAMBleed as being more academic for the moment, but as history has shown, what is academic research today soon becomes everybody's problem tomorrow," he said.
The researchers say they notified Intel, AMD, OpenSSH, Microsoft, Apple, and Red Hat of their findings, which were assigned CVE-2019-0174.
To prepare the attack, on Linux machines at least, the boffins abuse the Linux buddy allocator to ensure they have access to physically consecutive memory pages. After searching for bits that can be flipped using Rowhammer and recording these, the attack template is ready.
The researchers then exploit the predictability of the Linux physical memory allocator to coerce the victim's memory page into the desired physical location, a technique they refer to as "Frame Feng Shui." They then employ the RAMBleed technique to deduce the victim's memory bits.
According to Kwong, it took almost four hours to read out enough of a 2048-bit RSA encryption key such that they could recover the rest with a variant of the Heninger-Shacham algorithm.
The paper expresses skepticism about existing software mitigations, noting that RAMBleed can bypass software-based integrity checks and memory partitioning schemes. Hardware-based mitigations may help, though one proposed measure, PARA (probabilistic adjacent row activation), has not been widely adopted and only offers a probabilistic (rather than consistent) security guarantee.
RAMBleed has been demonstrated on devices with DDR3 memory chips, and Rowhammer's bit flipping on DDR4 components. DDR4 supports a defensive technique called Targeted Row Refresh, but its efficacy is uncertain. "Given the closed-source nature by which TRR is implemented, it is difficult for the security community to evaluate its effectiveness," said Kwong. "While bit flips have been demonstrated on TRR before, the extent to which TRR mitigates RAMBleed remains an open question."
Other techniques that may help include memory encryption, flushing keys from memory, and a less predictable memory allocator. ®