Using Rowhammer bitflips to root Android phones is now a thing | Ars Technica

http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/

Rowhammer hardware bug is now a security issue for both PCs and smart phones. 

21 Comments

  1. Tomi Engdahl says:

    Rowhammer Attack Can Now Root Android Devices
    https://news.slashdot.org/story/16/10/24/2232220/rowhammer-attack-can-now-root-android-devices

    Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, taken over PCs via Microsoft Edge, and hijacked Linux virtual machines. There’s an app to test if your phone is vulnerable to this attack.

    Rowhammer Attack Can Now Root Android Devices
    After Windows & Linux, Rowhammer takes over Android as well
    Read more: http://news.softpedia.com/news/rowhammer-attack-can-now-root-android-devices-509585.shtml#ixzz4O6JeoVDZ

    Reply
  2. Tomi Engdahl says:

    Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
    https://vvdveen.com/publications/drammer.pdf

    Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects in vulnerable physical memory locations. Moreover, prior work only targets x86 and researchers have openly wondered whether Rowhammer attacks on other architectures, such as ARM, are even possible.

    We show that deterministic Rowhammer attacks are feasible on commodity mobile platforms and that they cannot be mitigated by current defenses. Rather than assuming special memory management features, our attack, Drammer, solely relies on the predictable memory reuse patterns of standard physical memory allocators. We implement Drammer on Android/ARM, demonstrating the practicability of our attack, but also discuss a generalization of our approach to other Linux-based platforms. Furthermore, we show that traditional x86-based Rowhammer exploitation techniques no longer work on mobile platforms and address the resulting challenges towards practical mobile Rowhammer attacks.

    Native binary for testing Android phones for the Rowhammer bug
    https://github.com/vusec/drammer

    Reply
  3. Tomi Engdahl says:

    Researchers Propose Software Mitigations for Rowhammer Attacks
    http://www.securityweek.com/researchers-propose-software-mitigations-rowhammer-attacks

    A team of researchers has proposed two software-based methods that could be used to mitigate Rowhammer, a type of attack that exploits weaknesses in the design of dynamic random-access memory (DRAM).

    Rowhammer attacks are possible due to increasing DRAM density, which has led to memory cells being physically smaller and closer together. If a row is accessed repeatedly, it causes bit flips in adjacent memory rows.

    The first working privilege escalation exploits leveraging Rowhammer were disclosed by Google researchers in March 2015. Experts later created a JavaScript implementation, and they recently demonstrated that the attack can even be used to root some Android devices.

    Rowhammer attacks are not easy to mitigate, particularly using software. The most efficient mitigation involves redesigning DRAM modules. However, researchers from the Technische Universität Darmstadt and the University of Duisburg-Essen in Germany have now come up with what they call “practical and generic software-only defenses.”

    The first method, dubbed B-CATT, doesn’t require any changes to the OS and it can be used on all x86 systems. B-CATT is a bootloader extension that locates and disables vulnerable physical memory. Vulnerable memory addresses are identified using existing Rowhammer exploitation tools. Since OSs are designed to handle unavailable memory regions, B-CATT should not break any system functionality, researchers said.

    The second mitigation, G-CATT (Generic-CATT), aims to prevent bit flips from affecting memory locations belonging to high-privileged security domains, such as the kernel and co-located virtual machines. It does this by ensuring that memory between the row controlled by the attacker and the row storing the targeted data are separated by at least one row.

    The researcher believes the B-CATT idea is “fairly good,” but there are some weak points,

    CAn’t Touch This: Practical and Generic Software-only Defenses Against Rowhammer Attacks
    https://arxiv.org/pdf/1611.08396v1.pdf

    Reply
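
The G-CATT rule quoted above (rows owned by different security domains must be separated by at least one row) can be stated as a small placement policy. The following is an added example, not code from the CATT paper, the linked article, or any cited project: it models physical memory as a map from DRAM row index to owning domain, reports pairs of rows that violate the separation rule, and allocates a row for a domain only where the rule holds. The guard distance is a parameter, so the same check covers bit flips that reach two rows past the hammered row. The row size and the linear address-to-row mapping are assumptions made for the model; real memory controllers interleave rows across banks and channels, so a deployment would need the controller's actual mapping.

```python
"""Toy model of the G-CATT placement rule: rows owned by different security
domains must be separated by at least `guard` rows.  Added example, not code
from the CATT paper; ROW_SIZE and the linear address-to-row mapping are
assumptions made for the model."""

ROW_SIZE = 8192  # assumed bytes per DRAM row for this toy model


def row_of(phys_addr: int) -> int:
    """Map a physical address to a row index (linear mapping, an assumption)."""
    return phys_addr // ROW_SIZE


def find_violations(owner_by_row: dict, guard: int = 1) -> list:
    """Return (row_a, row_b) pairs, row_a < row_b, whose owners differ and
    whose distance is at most `guard`.  guard=1 is the G-CATT rule ("at least
    one row between domains"); guard=2 also isolates victims two rows away."""
    violations = []
    rows = sorted(owner_by_row)
    for i, a in enumerate(rows):
        for b in rows[i + 1:]:
            if b - a > guard:
                break  # rows are sorted, so no later b can be closer to a
            if owner_by_row[a] != owner_by_row[b]:
                violations.append((a, b))
    return violations


def can_place(owner_by_row: dict, row: int, domain: str, guard: int = 1) -> bool:
    """True if `row` is free and every row within `guard` of it is either free
    or already owned by `domain`."""
    if row in owner_by_row:
        return False
    for delta in range(-guard, guard + 1):
        neighbour = owner_by_row.get(row + delta)
        if neighbour is not None and neighbour != domain:
            return False
    return True


def place(owner_by_row: dict, domain: str, guard: int = 1, max_rows: int = 1024) -> int:
    """Allocate the lowest row that keeps the separation rule, record the
    owner in `owner_by_row`, and return the row index."""
    for row in range(max_rows):
        if can_place(owner_by_row, row, domain, guard):
            owner_by_row[row] = domain
            return row
    raise MemoryError("no row satisfies the separation rule")


# Constructed sample layout: row index -> owning security domain.
SAMPLE_LAYOUT = {
    0: "kernel", 1: "kernel", 2: "kernel", 3: "kernel",
    4: "user",                         # directly adjacent to kernel row 3
    50: "user", 51: "vm1", 52: "vm1",  # two domains with no gap between them
    100: "kernel",
}

if __name__ == "__main__":
    for guard in (1, 2):
        print(f"guard={guard}: violations {find_violations(SAMPLE_LAYOUT, guard)}")
    layout = dict(SAMPLE_LAYOUT)
    print("vm1 placed at row", place(layout, "vm1", guard=1))
```

With the sample layout, `find_violations` flags kernel row 3 next to user row 4 and user row 50 next to vm1 row 51; raising the guard to 2 additionally flags rows 2/4 and 50/52. `place` skips rows 5 (adjacent to user row 4) and returns row 6 for a new vm1 allocation under the one-row rule, or row 7 under the two-row rule.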
  4. Tomi Engdahl says:

    Rowhammer RAM attack adapted to hit flash storage
    Project Zero’s two-year-old dog learns a new trick
    https://www.theregister.co.uk/2017/08/17/rowhammer_for_nand_flash/

    It’s Rowhammer, Jim, but not as we know it: IBM boffins have taken the DRAM-bit-flipping-as-attack-vector trick found by Google and applied it to MLC NAND Flash.

    Google’s Project Zero found Rowhammer in 2015, when they demonstrated that careful RAM bit-flipping in page table entries could let an attacker pwn Linux systems.

    Ever since Project Zero’s initial result, boffins have looked for other vectors or other victims (for example, it was turned into an Android root attack in 2016).

    Enter a group of boffins from IBM Research Zurich, who plan to demo a Rowhammer attack on MLC NAND flash after explaining it at this week’s Usenix-organised W00T17 conference in Vancouver.

    Scary? Yes, but there’s a couple of slivers of good news: it’s a local rather than a remote attack, and the researchers constrained themselves to a filesystem-level attack rather than a full-system attack.

    The bad news is that Rowhammer-for-NAND can work at lower precision than its ancestor: while the original Google research worked by flipping single bits, “ the attack primitive an attacker can obtain from MLC NAND flash weaknesses is a coarse granularity corruption”.

    In other words, their “weaker attack primitive … is nevertheless sufficient to mount a local privilege escalation attack”.

    To get that far, the researchers explain in this paper [PDF], an attack has to beat protections at all layers from the Flash chip up to the operating system:

    Cell-to-cell interference protections on the chip;
    The Flash controller's scrambling and error correction codes, that are designed to increase device reliability;
    Wear-levelling and block placement algorithms in the SSD controller make memory placement less predictable, from the attacker's point of view;
    Filesystem protections like caching and error detection have to be bypassed.

    Only then does the attacker get to present their payload.

    https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf

    Reply
  5. Tomi Engdahl says:

    Attacking a co-hosted VM: A hacker, a hammer and two memory modules
    https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/

    Row-hammer is hardware bug that can cause bit-flips in physical RAM. Mark Seaborn and Thomas Dullien were the first to exploit the DRAM row-hammer bug to gain kernel privileges. Kaveh Razavi et al. pushed the exploitation of row-hammer bugs to the next level. They abused an OS feature – memory de-duplication – to surgically flip bits in a controlled way. They succeeded in flipping bits in memory loaded sensitive files (e.g. authorized_keys) assuming they know their contents. By weakening RSA moduli in authorized_keys file, they were able to generate corresponding private keys and authenticate on a co-hosted victim VM.

    We aim to showcase a different attack scenario. Instead of corrupting memory loaded files, we chose to corrupt the state of a running program. The libpam is an attractive target since it provides authentication mechanisms on widely deployed *nix systems.

    Reply
  6. Tomi Engdahl says:

    Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more
    Hacking laws in the limelight in Georgia and DC, plus new iPhone anti-tampering
    https://www.theregister.co.uk/2018/05/12/security_roundup/

    Rowhammer swings again with network-based attacks

    It has been three years since the infamous ‘Rowhammer’ technique was first disclosed, and the menace of the bit-slamming memory attack is still being exploited in new and devious ways.

    This time it is network connections that have been found vulnerable to the brute-force memory corruption trick. Researchers from Vrije Universiteit in Amsterdam found [PDF] that network packets can be used to trigger the address error conditions on any machine that has remote direct memory access (RDMA) enabled.

    This means that, for the first time, Rowhammer has been shown to be remotely exploitable and an attacker no longer requires local access to a machine in order to take advantage of the vulnerability.

    https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf

    Reply
  7. Tomi Engdahl says:

    GLitch Chronicles: Turning WebGL Into A Hammer
    https://conference.hitb.org/hitbsecconf2018dxb/sessions/glitch-chronicles-turning-webgl-into-a-hammer/

    The outcome of such thesis is a JavaScript exploit that takes advantage of the (now) well-known Rowhammer vulnerability to compromise an Android smartphone with NO software bugs in less than two minutes. Not completely satisfied we also wanted to give it a cool name: meet GLitch. GLitch is the first exploit of its kind for two main reasons: (i) it represents the first instance of a JavaScript-based Rowhammer attack on the more widespread ARM platforms (that is, your smartphone), (ii) it is the first PoC of Rowhammer bit flips triggered from the GPU (and from a website).

    Now you may be asking yourself: wtf?!! how is this even possible?? how can you trigger bit flips from the GPU? and how do you do it from JS? The answer is WebGL. The WebGL API gives access to GPU acceleration

    Reply
  8. Tomi Engdahl says:

    AN INGENIOUS DATA HACK IS MORE DANGEROUS THAN ANYONE FEARED
    https://www.wired.com/story/rowhammer-ecc-memory-data-hack/

    THE DATA THEFT technique called “Rowhammer” has fascinated and worried the cybersecurity community for years now, because it combines digital and physical hacking in ways that are both fascinating and unaccounted for. Since its discovery, researchers have steadily refined the attack, and expanded the array of targets it works against. Now, researchers have significantly increased the scope of the potential threat to include critical devices like servers and routers—even when they have components that were specifically thought to be immune.

    Reply
  9. Tomi Engdahl says:

    DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers
    https://www.imperva.com/blog/dirtycow-bug-drives-attackers-to-a-backdoor-in-vulnerable-drupal-web-servers/
    In this post we’ll unpack a short — but no less serious — attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect vulnerable Drupal web servers and take over user machines.

    https://www.wired.com/story/rowhammer-ecc-memory-data-hack/

    Reply
  10. Tomi Engdahl says:

    ECCPLOIT: ECC MEMORY VULNERABLE TO ROWHAMMER ATTACKS AFTER ALL
    https://www.vusec.net/projects/eccploit/

    Where many people thought that high-end servers were safe from the (unpatchable) Rowhammer bitflip vulnerability in memory chips, new research from VUSec, the security group at Vrije Universiteit Amsterdam, shows that this is not the case. Since prominent security researchers and companies have suggested that ECC provides pretty good protection [1,2,3], and exploitable bitflips on ECC memory are seen by many as the “unholy grail” for Rowhammer attacks, the new attack to reliably flip bits that completely bypass ECC protection is a major step forward in Rowhammer research.

    Reply
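
The comment above turns on the limit of what ECC can promise: a SECDED (single error correct, double error detect) code corrects one flipped bit per codeword and reports two, but three flips are silently "corrected" to a wrong but valid word. The following is an added example, not code from the ECCploit project or VUSec: an extended Hamming(8,4) code on 4-bit values with encode, decode, a constructed fault injector, and an exhaustive count of how error patterns of a given weight are handled. Real server ECC uses wider codewords (for example 72 bits protecting 64 data bits) and vendor-specific codes, but the single-correct / double-detect boundary demonstrated here is the same.

```python
"""SECDED demonstration on an extended Hamming(8,4) code.  Added example, not
code from the ECCploit project; the 8-bit code is a classroom-size stand-in
for the wider codes used on server DIMMs."""
from itertools import combinations

# Bit positions: index 0 holds the overall parity bit; indices 1..7 form a
# Hamming(7,4) codeword with parity bits at 1, 2, 4 and data bits at 3, 5, 6, 7.
DATA_POS = (3, 5, 6, 7)


def secded_encode(nibble: int) -> list:
    """Encode a 4-bit value into an 8-bit SECDED codeword (list of 0/1)."""
    code = [0] * 8
    for i, pos in enumerate(DATA_POS):
        code[pos] = (nibble >> i) & 1
    code[1] = code[3] ^ code[5] ^ code[7]   # covers positions with bit 0 set
    code[2] = code[3] ^ code[6] ^ code[7]   # covers positions with bit 1 set
    code[4] = code[5] ^ code[6] ^ code[7]   # covers positions with bit 2 set
    code[0] = sum(code[1:]) & 1             # overall parity over positions 1..7
    return code


def secded_decode(code: list):
    """Return (status, value); status is 'ok', 'corrected' or 'uncorrectable',
    and value is None when an error is detected but cannot be corrected."""
    syndrome = 0
    for pos in range(1, 8):
        if code[pos]:
            syndrome ^= pos          # XOR of set positions; 0 for a valid word
    overall = sum(code) & 1          # 0 for a valid word (even overall parity)
    if syndrome == 0 and overall == 0:
        status, fixed = "ok", code
    elif overall == 1:
        # Odd overall parity: assumed to be a single flip at the syndrome
        # position (syndrome 0 means the overall parity bit itself flipped).
        status, fixed = "corrected", list(code)
        fixed[syndrome] ^= 1
    else:
        return "uncorrectable", None  # even parity with non-zero syndrome
    value = sum(fixed[pos] << i for i, pos in enumerate(DATA_POS))
    return status, value


def flip(code: list, positions) -> list:
    """Copy `code` with the given bit positions inverted (constructed faults)."""
    out = list(code)
    for pos in positions:
        out[pos] ^= 1
    return out


def miscorrected_fraction(flips: int) -> float:
    """Fraction of (value, error pattern) pairs with `flips` flipped bits that
    the decoder accepts, corrected or not, while returning the WRONG value."""
    wrong = total = 0
    for nibble in range(16):
        word = secded_encode(nibble)
        for pattern in combinations(range(8), flips):
            total += 1
            status, value = secded_decode(flip(word, pattern))
            if status != "uncorrectable" and value != nibble:
                wrong += 1
    return wrong / total


if __name__ == "__main__":
    word = secded_encode(0b1011)
    print("1 flip :", secded_decode(flip(word, [5])))
    print("2 flips:", secded_decode(flip(word, [5, 6])))
    print("3 flips:", secded_decode(flip(word, [3, 5, 6])))
    for n in (1, 2, 3):
        print(f"{n}-bit patterns silently miscorrected: {miscorrected_fraction(n):.0%}")
```

Every single flip is corrected and every double flip is reported as uncorrectable, but every three-bit pattern is "corrected" to a different valid codeword and handed back as good data. That is why ECC alone is a reliability feature rather than a Rowhammer mitigation, and why a rising count of corrected errors reported by the memory controller deserves the same attention as an uncorrectable one.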
  11. Tomi Engdahl says:

    DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes
    https://www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/
    Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. The new findings show that memory bit flipping works on many devices, including popular smartphones from Google, Samsung, and OnePlus.

    Reply
  12. Tomi Engdahl says:

    DRAM’s Persistent Threat To Chip Security
    https://semiengineering.com/drams-peristent-threat-to-chip-security/

    Rowhammer attack on memory could create significant issues for systems; possible solution emerges.

    Reply
  13. Tomi Engdahl says:

    New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
    https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

    Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.

    Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years.

    https://www.vusec.net/projects/smash/

    Reply
  14. Tomi Engdahl says:

    New hammering technique for DRAM Rowhammer bug https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html
    Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.

    Reply
  15. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    Google researchers detail “Half-Double”, a new Rowhammer attack technique they say will be difficult to mitigate as future generations of DRAM chips get smaller

    As Chips Shrink, Rowhammer Attacks Get Harder to Stop
    A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.
    https://www.wired.com/story/rowhammer-half-double-attack-bit-flips/

    In 2015, Researchers at Google made a troubling discovery: The data theft technique known as “Rowhammer,” previously thought of as a theoretical concern, could be exploited in real-world conditions. Now a different group of Google computer scientists have shown that the problem has only gotten worse, thanks in part to improvements in how chips are designed.

    Rowhammer is a physical hacking technique that manipulates the electric charge in computer memory chips (known as DRAM) to corrupt or exfiltrate data. In an attack, hackers run the same program repeatedly on a “row” of DRAM transistors to “hammer” that row until it leaks electricity into the adjacent row. When done in a targeted way, that leakage can physically flip a bit in the next row of transistors from 1 to 0 or vice versa. By strategically flipping enough bits, an attacker can begin to manipulate the target system and gain a digital foothold.

    In the years since the original 2014 Rowhammer research, chipmakers have added mitigations that monitor adjacent rows for potentially suspicious behavior. But as chips continue to get smaller, the ripple effect that comes from hammering a given row could potentially flip bits two or more rows away.

    Think of Gallagher smashing a watermelon. You can protect the front of the audience by giving them all plastic ponchos. But if he swings hard enough, and the crowd is packed in tight enough, the rind and pulp could make contact with faces two or three rows deep.

    The researchers dubbed their attack “Half-Double,” and note that the technique wasn’t practical on older generations of DRAM where transistor rows were slightly farther apart. As whatever’s left of Moore’s Law packs transistors ever more densely together, though, the risk of spillover in Rowhammer attacks is increasing.

    “This is the result of miniaturization,” the Google researchers told WIRED in a written response to questions. “In our experiments with older DDR4 chips, this technique was not successful. We are releasing this research today in order to advance the understanding of this threat. We are hopeful that it will further discussions on mitigations that are long lasting and effective.”

    Google disclosed its findings to the semiconductor engineering trade organization JEDEC, which has issued two stop-gap mitigations. And the researchers have been coordinating with other industry partners as well to raise awareness about the issue. But it will take time for chipmakers to fully understand the implications.

    A full fix will also require rethinking how chips get designed, and would apply to future generations of DRAM. To go back to Moghimi’s metaphor, it’s easier to build a new apartment with thicker walls and more insulation than it is to retrofit an existing building.

    Moghimi says that researchers already understood this potential risk in theory, but that the Google findings, once again, demonstrate a plausible, real-world attack. “It shows that it’s more practical than a lot of people think,” he says.

    This isn’t the first time Rowhammer attacks have seemed to be resolved and then roared back. Researchers at Vrije Universiteit Amsterdam have repeatedly shown in the last 18 months that current chip defenses against more traditional Rowhammer attacks can be defeated. But the Google findings carry an additional warning that advances in the size and efficiency of memory chips potentially come with new risks from Rowhammer.

    NEAR-TERM DRAM LEVEL ROWHAMMER MITIGATION
    https://www.jedec.org/standards-documents/docs/jep300-1

    SYSTEM LEVEL ROWHAMMER MITIGATION
    https://www.jedec.org/standards-documents/docs/jep301-1

    Reply
  16. Tomi Engdahl says:

    Blacksmith: Rowhammer Fuzzer Bypasses Existing Protections
    https://www.securityweek.com/blacksmith-rowhammer-fuzzer-bypasses-existing-protections

    A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips.

    The Rowhammer issue, which has been around for roughly one decade, exists because cells on DRAM chips are smaller and closer to each other, making it difficult to prevent electrical interaction between them. Thus, by repeatedly accessing data in a row of memory, data in nearby rows may become corrupted.

    To mitigate the flaw, Target Row Refresh (TRR) was introduced in DRAM but a group of researchers managed to bypass the protection using “non-uniform and frequency-based Rowhammer access patterns.”

    All Rowhammer access patterns published to date exploit rows uniformly, and TRR exploits this behavior to identify ‘aggressor’ rows and refresh nearby ‘victim’ rows to prevent failure.

    However, as smaller technology nodes are used, the underlying DRAM technologies are increasingly vulnerable, resulting in fewer accesses being needed to trigger bit flips in DRAM memory. Thus, non-uniform access patterns can be used to bypass TRR, the researchers said in a paper documenting the work.

    The researchers conducted experiments on 40 DDR4 DIMMs (from Samsung, Micron, and SK Hynix) to explore the possibility of bypassing mitigations through “accessing aggressor rows in non-uniform access patterns.”

    BLACKSMITH: Scalable Rowhammering in the Frequency Domain
    https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf

    Reply
  17. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Researchers say they used a new Rowhammer exploit to successfully flip bits on all 40 PC-DDR4 DRAM devices they tested, defeating recent hardware mitigations — Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits. — Rowhammer exploits that allow unprivileged attackers …

    DDR4 memory protections are broken wide open by new Rowhammer technique
    Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits.
    https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/

    Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.

    Rowhammer attacks work by accessing—or hammering—physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things.

    All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows—meaning those that cause bitflips in nearby “victim” rows—are accessed the same number of times.

    Bypassing all in-DRAM mitigations

    Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work from the same researchers.

    “We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”

    The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to.

    Blacksmith
    https://comsec.ethz.ch/research/dram/blacksmith/

    We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScript, on smartphones, across VMs in the cloud, and even over the network.

    Rowhammer is a vulnerability caused by leaking charges in DRAM cells that enables attackers to induce bit flips in DRAM memory. To stop Rowhammer, DRAM implements a mitigation known as Target Row Refresh (TRR). Our previous work showed that the new n-sided patterns can still trigger bit flips on 31% of today’s PC-DDR4 devices. We propose a new highly effective approach for crafting non-uniform and frequency-based Rowhammer access patterns that can bypass TRR from standard PCs. We implement these patterns in our Rowhammer fuzzer named Blacksmith and show that it can bypass TRR on 100% of the PC-DDR4 DRAM devices in our test pool. Further, our work provides new insights on the deployed mitigations.

    How bad is it?

    For our evaluation, we considered a test pool of 40 DDR4 devices covering the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its capability to find effective patterns. Thereafter, we swept the best pattern (based on the number of total bit flips triggered) over a contiguous memory area of 256 MB and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices of manufacturers A and D.

    We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to pivot it to an attacker-controlled page table page, an attack on the RSA-2048 public key that allows recovering the associated private key used to authenticate to an SSH host, and an attack on the password verification logic of the sudoers.so library that enables gaining root privileges.

    You can see a demo of our Blacksmith fuzzer below, showing how easy and quick it is to find bit flips on TRR-enabled DDR4 devices.

    BLACKSMITH: Scalable Rowhammering in the Frequency Domain
    https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf

    Reply
  18. Tomi Engdahl says:

    https://hackaday.com/2023/06/30/this-week-in-securitycamaro-dragon-rowpress-and-repojacking/

    ROWPRESS
    It may sound like an exercise, but RowPress is actually the latest DRAM attack, in the same vein as RowHammer. Where RowHammer repeatedly opened and closed a DRAM’s activation line to induce errors on a neighboring line, RowPress simply keeps the activation line opened longer than normal. And it works better than RowHammer, surprisingly. And because it’s a novel technique, it sidesteps a lot of the protections built for Rowhammer and other techniques.

    One of the interesting observations is that the temperature of system memory makes a difference. Once RAM is over 80 degrees Celsius, most of the RAM tested became significantly more vulnerable to RowPress memory corruption.

    https://dl.acm.org/doi/abs/10.1145/3579371.3589063

    Reply
