Remember Rowhammer; it has a long enough memory to remember you

Subject: General Tech | May 10, 2018 - 02:05 PM |
Tagged: rowhammer, security, throwhammer

Rowhammer, a vulnerability which is able to flip bits in DRAM and NAND, dates back to 2015. An enterprising attacker could use it to target page table entries, which would allow them to gain root access to Linux machines, but it was a local attack and could not be performed remotely ... until now. Researchers have discovered a new way to exploit this vector, using carefully crafted network packets to attack high-end network cards which utilize remote direct memory access. That feature is very handy, allowing the network card to move large amounts of data without taking CPU cycles, but it is vulnerable to this new attack. Drop by Ars Technica for all the depressing details about Throwhammer.

"For the first time, researchers have exploited the Rowhammer memory-chip weakness using nothing more than network packets sent over a local area network. The advance is likely to further lower the bar for triggering bit flips that change critical pieces of data stored on vulnerable computers and servers."

Source: Ars Technica

May 10, 2018 | 04:50 PM - Posted by meowster (not verified)

Throwhammer... requires 10Gbit or higher speed NIC with RDMA.
Who is realistically going to run such a setup without ECC on the RAM?
The "researchers" tested a scenario without ECC.

May 10, 2018 | 08:00 PM - Posted by Jeremy Hellstrom

Pretty much any company run by bean counters.  :(

May 11, 2018 | 06:38 PM - Posted by BETAisTheWayOfLiveInRedmondTown (not verified)

RDMA is a scary thing to have, what with all that bus mastering ability, so maybe the NIC needs to have its own security hardware/firmware that can look at the memory access patterns as the DMA/RDMA controller is doing the R/W accesses. But really, maybe server CPUs/system firmware need some method of checking if the system memory being used is ECC capable or not and disable RDMA if the user is using non-ECC DIMMs.

Modern CPUs/PC systems need the ability to at least monitor memory access patterns as a hardware/OS feature that is designed in such a way as to not become a side channel attack vector in and of itself. But RDMA is the most vulnerable method for an attacker to remotely read/write to a system's memory and I'd rather the NIC have its own memory to work out of that's ECC based.
