The Rowhammer exploit that lets unprivileged attackers corrupt or change data stored in vulnerable memory chips has evolved over the past four years to take on a range of malicious capabilities, including elevating system rights and breaking out of security sandboxes, rooting Android phones, and taking control of supposedly impregnable virtual machines. Now, researchers are unveiling a new attack that uses Rowhammer to extract cryptographic keys or other secrets stored in vulnerable DRAM modules.
Like the previous Rowhammer-based attacks, the new data-pilfering RAMBleed technique exploits the ever-shrinking dimensions of DRAM chips that store data a computer needs to carry out various tasks. Rowhammer attacks work by rapidly accessing—or hammering—physical rows inside vulnerable chips in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. The attacks work because as capacitors become closer together, they more quickly leak the electrical charges that store the bits. At one time, these bit flips were little more than an exotic crashing phenomenon that was known to be triggered only by cosmic rays. But when induced with surgical precision, as researchers have demonstrated over the past four years, Rowhammer can have potentially serious effects on the security of the devices that use the vulnerable chips.
A new side channel
RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to alter sensitive data, the new technique exploits the hardware bug to extract sensitive data stored in memory regions that are off-limits to attackers. The attacks require only that the exploit hammers memory locations the exploit code already has permission to access. What’s more, the data extraction can work even when DRAM protected by error correcting code detects and reverses a malicious bit flip.