Packets over a LAN are all it takes to trigger serious Rowhammer bit flips

Photo of Packets over a LAN are all it takes to trigger serious Rowhammer bit flips

Enlarge / Researchers used a network card like this one in a Rowhammer attack that needed only packets sent over a LAN to work. (credit: Mellanox)

For the first time, researchers have exploited the Rowhammer memory-chip weakness using nothing more than network packets sent over a local area network. The advance is likely to further lower the bar for triggering bit flips that change critical pieces of data stored on vulnerable computers and servers.

Until now, Rowhammer exploits had to execute code on targeted machines. That hurdle required attackers to either sneak the unprivileged code onto the machines or lure end users to a website that hosted malicious JavaScript. In a paper published Thursday, researchers at the Vrije Universitat Amsterdam and the University of Cyprus showed that standard packets sent over networks used by many cloud services, universities, and others were sufficient. The secret to the new technique: increasingly fast network speeds that allow hackers to send specially designed packets in rapid succession.

"Thus far, Rowhammer has been commonly perceived as a dangerous hardware bug that allows attackers capable of executing code on a machine to escalate their privileges," the researchers wrote. "In this paper, we have shown that Rowhammer is much more dangerous and also allows for remote attacks in practical settings. We show that even at relatively modest network speeds of 10Gbps, it is possible to flip bits in a victim machine from across the network."

Read 9 remaining paragraphs | Comments

view Arstechnica
#biz it