Researchers use Rowhammer bit flips to steal 2048-bit crypto key

Researchers use Rowhammer bit flips to steal 2048-bit crypto key

Enlarge / A DDR3 DIMM with error-correcting code from Samsung. ECC is no longer an absolute defense against Rowhammer attacks. (credit: Samsung)

The Rowhammer exploit that lets unprivileged attackers corrupt or change data stored in vulnerable memory chips has evolved over the past four years to take on a range of malicious capabilities, including elevating system rights and breaking out of security sandboxes, rooting Android phones, and taking control of supposedly impregnable virtual machines. Now, researchers are unveiling a new attack that uses Rowhammer to extract cryptographic keys or other secrets stored in vulnerable DRAM modules.

Like the previous Rowhammer-based attacks, the new data-pilfering RAMBleed technique exploits the ever-shrinking dimensions of DRAM chips that store data a computer needs to carry out various tasks. Rowhammer attacks work by rapidly accessing—or hammering—physical rows inside vulnerable chips in ways that cause bits in neighboring rows to flip, meaning

Read the rest Continue Reading