The Rowhammer: the Evolution of a Dangerous Attack
The Rowhammer Attack
Back in 2015, security researchers at Google’s Project Zero team demonstrated how to hijack an Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips.
The attack technique devised by the experts was dubbed “Rowhammer,” its exploitation could allow attackers to obtain higher kernel privileges on the target system.
The Rowhammer issue is classified as a problem affecting some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows, this means that theoretically, an attacker can change any value of the bit in the memory.
A research paper published by experts from the Carnegie Mellon University and the Intel Labs provides a detailed analysis of the techniques to exploit the Rowhammer issue.
“We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. -induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process,” read the post published by Google’s Project Zero.
“When run on a machine vulnerable to the Rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.”
To understand the way an attacker could exploit the Rowhammer issue, let’s remember that a DDR memory is arranged in an array of rows and columns. Blocks of memory are allocated to different services and applications.
A “sandbox” protection mechanism is implemented to avoid that an application accesses the memory space reserved by another application. However, it is possible to evade it using a flipping technique that is the pillar for the Rowhammer attack.
The study conducted by the experts is based on past research conducted by Yoongu Kim titled “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors.” The expert with a team of colleagues demonstrated that by repeatedly accessing two “aggressor” memory locations within the process’s virtual address space can cause bit flips in a third, “victim” location.
“The victim location is potentially outside the virtual address space of the process — it is in a different DRAM row from the aggressor locations, and hence in a different 4k page (since rows are larger than 4k in modern systems). As a result, hammering two aggressor memory regions can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells,” states the blog post from Project Zero.
DRAMs used in modern processors have a high capacity, and it is hard to prevent DRAM cells from interacting electrically with each other.
The white hat hackers at the Project Zero proposed two proof-of-concept exploits that allowed them to control several x86 computers running Linux, but according to the experts, the attacks could work with other operating systems as well.
Below are the details of the two attacks:
- First, Page table entries (PTEs) based exploit uses Rowhammer induced bit flips to achieve kernel privileges on x86-64 Linux and hence, gain read-write access to entire of physical memory.
- A second exploit demonstrates the exploitation of same vulnerability by escaping from the Native Client sandbox.
The team of experts at Project Zero also provided mitigations for the Rowhammer flaw and in particular the kernel privilege escalation attack.
Researchers changed Native Client to disallow the x86 CLFLUSH instruction that is necessary for the success of the exploit.
“We have mitigated this by changing NaCl to disallow theCLFLUSHinstruction,” suggested the team.
The second exploit is very hard to mitigate on existing architecture because it runs as a normal x86-64 process on Linux and escalates privilege to gain access to all physical memory.
The experts tested the exploits on eight x86 notebook computers, produced between 2010 and 2014, and using five different vendors of DDR3 DRAM on five different CPU families.
Experts Project Zero published the “Program for testing for the DRAM “Rowhammer” problem” on Github.
Test results show that researchers obtained a bit flip in 15 cases with 29 different machines, they highlighted that the lack of an observed bit flip does not mean that the DRAM isn’t necessarily exploitable.
“While an absence of bit flips during testing on a given machine does not automatically imply safety, it does provide some baseline assurance that causing bit flips is at least difficult on that machine,” said one of the researchers.
A possible defense against the Rowhammer exploitation attack is the use of ECC memory that leverages extra bits to help correct errors, but that is more expensive. The attack fails against the latest DDR4 silicon or DIMMs that contain ECC capabilities.
“The biggest threat at the moment appears to be to desktops/laptops because they have neither ECC memory nor virtual machines. In particular, there seems to be a danger with Google’s native client (NaCl) code execution. This a clever sandbox that allows the running of native code within the Chrome browser, so that web pages can run software as fast as native software on the system. This memory corruption defeats one level of protection in NaCl. Nobody has yet demonstrated how to use this technique in practice to fully defeat NaCl, but it’s likely somebody will discover a way eventually,” said researcher Robert Graham of Errata Security.
The project Zero team urged DRAM manufacturers, chip makers, and BIOS creators to adopt the necessary measures to mitigate Rowhammer security issues and divulge how they have done it.
Drammer – The Rowhammer Attack goes mobile
One year later, a team of experts from the VUSec Lab at Vrije Universiteit Amsterdam studied the possibility to exploit the Rowhammer issue to gain unfettered “root” access to millions of Android smartphones.
The experts devised an attack technique dubbed Drammer that could be exploited to gain “root” access to millions of Android smartphones targeting the device’s dynamic random-access memory (DRAM).
The Rowhammer attack for mobile device involves a malicious application that once in execution repeatedly accesses the same “row” of transistors on a memory chip in a tiny fraction of a second (Hammering process)
Hammering a specific portion of memory can electrically interfere with neighboring row. This interference can cause the row to leak electricity into the next row, which eventually causes a bit to flip and consequent data modification.
An attacker can exploit these modifications to execute its own code and gain control of the mobile device.
The researchers created a proof-of-concept exploit, dubbed DRAMMER, to test mobile the Rowhammer attack on mobile devices. The experts published a research paper on the DRAMMER attack and a web page including technical details of the attack.
The technique allows modifying crucial bits of data to root Android devices from major vendors.
To give an app direct access to the dynamic random-access memory (DRAM), the researchers exploited the Android mechanism known as the ION memory allocator.
The ION memory allocator also allows the attackers to identify adjacent rows on the DRAM, which is essential to power the Rowhammer attack by generating bit flips.
The ability allowed the researchers to achieve root access on the victim’s device, giving them full control of the mobile device.
“On a high level, our technique works by exhausting available memory chunks of different sizes to drive the physical memory allocator into a state in which it has to start serving memory from regions that we can reliably predict,” states the paper.
“We then force the allocator to place the target security-sensitive data, i.e., a page table, at a position in physical memory which is vulnerable to bit flips and which we can hammer from adjacent parts of memory under our control.”
Figure 1 – Drammer attack
“Drammer is a new attack that exploits the Rowhammer hardware vulnerability on Android devices. It allows attackers to take control over your mobile device by hiding it in a malicious app that requires no permissions. Practically all devices are possibly vulnerable and must wait for a fix from Google to be patched. Drammer has the potential to put millions of users at risk, especially when combined with existing attack vectors like Stagefright or BAndroid,” states a blog post published by the researchers.
The experts successfully rooted Android handsets including Google’s Nexus 4 and Nexus 5; LG’s G4; Samsung Galaxy S4 and Galaxy S5, Motorola’s Moto G models from 2013 and 2014; and OnePlus One.
Figure 2 – Drammer Test results
“Not only does our [DRAMMER] attack show that practical, deterministic Rowhammer attacks are a real threat to billions of mobile users, but it is also the first effort to show that Rowhammer is…(reliably exploitable) on any platform other than x86 and with a much more limited software feature set than existing solutions,” reads a paper published by the experts.
The DRAMMER app can gain full control over the victim’s mobile within minutes and doesn’t request user’s interaction.
The researchers published two proof-of-concept videos that demonstrate DRAMMER attack in action against an unrooted LG Nexus 5.
In the first video, the phone is running Android 6.0.1 with security patches Google released on October 5, while in the second video the researchers show how the DRAMMER attack can be combined with Stagefright bug that is still unpatched in many older Android devices.
The researchers have also released on GitHub the source code of the DRAMMER app to allow users to test their mobile device and anonymously share their results.
The experts reported the issue to Google in July, and the tech giant recognized it as a “critical” vulnerability and awarded the researchers $4,000 under its bug bounty program.
The problem is that some software features that DRAMMER exploits are so essential to any OS, it is not possible to remove or modify them without a significant impact on the overall design of the device.
GLitch Attack: the first remote Rowhammer attack against Android devices
The researchers from the VUSec Lab at Vrije Universiteit Amsterdam continued their analysis of the Rowhammer attack technique and demonstrated how to leverage graphics processing units (GPUs) to target Android smartphones.
The experts started with the greatest limitation of the Drammer attack that was represented by the necessity to have a malicious application being installed on the target device.
Now for the first time, the same team of experts has devised a technique dubbed GLitch to conduct the Rowhammer attack against an Android phone remotely.
The GLitch technique leverages embedded graphics processing units (GPUs) to launch the attack.
“We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate” microarchitectural attacks (i.e., making them more effective) on commodity platforms,” reads the research paper.
The name GLitch comes from a widely used browser-based graphics code library known as WebGL for rendering graphics to trigger a known glitch in DDR memories.
By using this attack scheme, it is possible to hack an Android smartphone in just 2 minutes remotely. The malicious script runs only within the privileges of the web browser, which means that the attacker can harvest users’ credentials and spy on user’s browsing activity.
The GLitch attack could not allow threat actors to gain the full control over the victim’s device.
GLitch rather than leverage the CPU like other implementation for the Rowhammer technique uses the graphics processing units (GPU).
The researchers have chosen to exploit the GPU because its cache can be easily controlled, allowing them to hammer targeted rows without any interference.
“While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms,” continues the paper.
Affected smartphones run the Snapdragon 800 and 801 systems on a chip; this implies that the GLitch attack only works only on older Android devices, including LG Nexus 5, HTC One M8, or LG G2.
The PoC code works against both Firefox and Chrome; the video demo researchers demonstrate the GLitch attack on a Nexus 5 running over Mozilla’s Firefox browser.
Unfortunately, it is impossible to mitigate the GLitch attack with a software patch because it leverages hardware vulnerabilities.
Experts warn of potential effects of Rowhammer attacks on a large scale; they are currently helping Google to mitigate the attack.
Throwhammer – Rowhammer attack on a system in a LAN
With the GLitch attack experts demonstrated how to leverage graphics processing units (GPUs) to launch a remote Rowhammer attack against Android smartphones, they also devised a variant of the Rowhammer attack dubbed Throwhammer to target a system in a LAN.
The technique was devised by the same team of researchers that proposed the previous ones, a group of experts from the Vrije Universiteit Amsterdam and the University of Cyprus.
This time the researchers demonstrated that sending malicious packets over LAN it is possible to implement a Rowhammer attack on systems running Ethernet network cards equipped with Remote Direct Memory Access (RDMA). Such kind of configuration is widely adopted in cloud infrastructure and data centers.
Figure 3 – Throwhammer Attack
The RDMA feature is used by network cards to allow computers in a network to exchange data (with read and write privileges) directly to the main memory. The researchers demonstrated that it is possible to abuse this feature to perform access to the target memory in rapid succession triggering bit flips on DRAM.
The Throwhammer attack requires a high-speed network of at least 10Gbps to trigger a bit flip through hundreds of thousands of memory accesses to specific DRAM locations within tens of milliseconds.
“Specifically, we managed to flip bits remotely using a commodity 10 Gbps network. We rely on the commonly-deployed RDMA technology in clouds and data centers for reading from remote DMA buffers quickly to cause Rowhammer corruptions outside these untrusted buffers,” reads the research paper published by the experts.
“These corruptions allow us to compromise a remote memcached server without relying on any software bug.”
According to the paper, the experts were able to observe bit flips accessing memory 560,000 times in 64 ms (roughly 9 million accesses per second) over LAN to its RDMA-enabled network card.
“Even regular 10 Gbps Ethernet cards can easily send 9 million packets per second to a remote host that end up being stored on the host’s memory,” continues the paper.
“Might this be enough for an attacker to effect a Rowhammer attack from across the network? In the remainder of this paper, we demonstrate that this is the case and attackers can use these bit flips induced by network traffic to compromise a remote server application.”
Experts explained that disable RDMA to mitigate the attack is effective but nor not realistic, therefore, they presented some solutions such as ALIS, a custom allocator that isolates a vulnerable RDMA buffer.
Technical details for the Throwhammer attack are available in the paper published by the experts and titled “Throwhammer: Rowhammer Attacks over the Network and Defenses.”
The experts demonstrated how to leverage the Rowhammer attack to target both mobile and desktop systems. Unfortunately, it is not possible to simply mitigate the flaws exploited by the technique by using software patches.
To solve the issue, it is necessary to re-design the architecture of the flawed components; meantime threat actors can start exploiting the Rowhammer technique in the wild.