With an increase in the number of hacks and exploits
focused solely on fundamental properties of underlying hardware, Rowhammer, is
one such attack known since 2012 which is a serious issue with recent
generation dynamic random access memory (DRAM) chips which oftentimes while
accessing a column of memory can cause "bit flipping" in a contiguous
line, enabling anybody to alter the contents of the PC memory.
All previously known Rowhammer attack methods
required privilege acceleration, which implies that the attacker needed to have
effectively found and exploited a weakness within the framework. Lamentably,
that is no longer true as researchers have discovered that you can trigger a
Rowhammer attack while utilizing network packets.
Termed as 'Throwhammer,' the newfound technique
could enable attackers to dispatch Rowhammer attack on the said focused
frameworks just by sending uniquely crafted packets to the vulnerable system cards over the Local
Area Network.
A week ago, security researchers point by point
developed a proof-of-concept Rowhammer attack strategy, named GLitch, that uses
installed graphics processing units (GPUs) to carry out the Rowhammer attacks
against Android gadgets.
Be that as it may, all previously known Rowhammer
attack methods required privilege acceleration on a target device, which means
that the attackers needed to execute code on their focused machines either by
drawing casualties to a pernicious site or by deceiving them into installing a
malignant application.
Tragically, this limitation has now been eliminated,
at least for some devices.
Researchers at the Vrije Universiteit Amsterdam and
the College of Cyprus have now discovered that sending despiteful packets over
LAN can trigger the Rowhammer attack on systems running Ethernet network cards
outfitted with Remote Direct Memory Access (RDMA), which is generally utilized
as a part of clouds and data centres.
Since RDMA-enabled network cards allow computers in
a system to trade information (with read and write privileges) in the
fundamental memory, mishandling it to get to host's memory in fast progression
can trigger bit flips on DRAM.
"We rely on the commonly-deployed RDMA
technology in clouds and data centres for reading from remote DMA buffers
quickly to cause Rowhammer corruptions outside these untrusted buffers, these
corruptions allow us to compromise a remote Memcached server without relying on
any software bug." researchers said in a paper [PDF] published Thursday.
Since activating a bit flip requires a huge number
of memory accesses to particular DRAM locations within milliseconds, a
fruitful Throwhammer attack would
require a very high-speed network of no less than 10Gbps.
In their experimental setup, the researchers
achieved bit flips on the said focused server subsequent to accessing its
memory 560,000 times in 64 milliseconds by sending packets over LAN to its
RDMA-empowered network card.
Since Rowhammer exploits a computer hardware
weakness no software fix can completely settle the issue once and for all.
Researchers trust that the Rowhammer risk isn't just genuine but also has the
potential to cause serious damage.
For additional in-depth knowledge on this new attack
technique, the users' can access this paper published by the researchers on
Thursday [PDF], titled
"Throwhammer: Rowhammer Assaults over the
System and Resistances"