Two DDR4 DIMMs.
Rowhammer exploits, which allow unprivileged attackers to modify or damage data stored on vulnerable memory chips, are now possible on virtually all DDR4 modules.
Rowhammer attacks work by accessing physical rows in vulnerable chips millions of times per second (“hammering” them) so that bits in adjacent rows flip, meaning 1s become 0s and vice versa. Researchers have shown that the attacks can be used to give untrusted applications almost unlimited system privileges, to bypass security sandboxes designed to prevent malicious code from accessing sensitive operating system resources, and to root or infect Android devices, among other things.
All previous Rowhammer attacks have hammered rows with uniform patterns such as single-sided, double-sided, or n-sided. In all three cases, the “aggressor” rows, i.e. those that cause bit flips in neighboring “victim” rows, are accessed with the same frequency.
Rowhammer access patterns from earlier work, showing the spatial arrangement of aggressor rows (in black) and victim rows (in orange and cream) in DRAM.
Jattke et al.
Relative activation frequency, i.e. the number of ACTIVATEs per aggressor row in a Rowhammer pattern. Notice how the aggressors are hammered evenly.
Jattke et al.
Bypass all in-DRAM mitigations
Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 randomly selected DIMMs in a test pool experienced bit flips, compared to 13 of 42 chips tested in earlier work by the same researchers.
“We found that by creating special memory access patterns we can bypass all of the mitigations that are provided in DRAM,” wrote Kaveh Razavi and Patrick Jattke, two of the research authors, in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. Due to their hardware nature, these problems cannot be patched and will be with us for many years to come.”
The non-uniform patterns work against Target Row Refresh. The mitigation, abbreviated TRR, works differently from vendor to vendor, but it generally tracks how often a row is accessed and refreshes the neighboring victim rows when there are signs of abuse. Neutralizing this defense will put further pressure on chipmakers to fend off a class of attacks that many people thought newer types of memory chips were resistant to.
In Monday’s paper, the researchers wrote:
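To make concrete why a mitigation that counts per-row accesses and refreshes the neighbors of the most-hammered rows is fragile, here is a toy model, added here and not the paper's simulator: a tracker with a fixed number of slots watches the K most-activated rows in a refresh window; a victim flips if both of its aggressors exceed a threshold without a neighbor refresh. The slot count, the threshold, and the row numbers are all constructed assumptions.

```python
from collections import Counter

# Constructed assumptions for the toy model: a tracker with K_TRACKED slots
# and a flip threshold in activations per refresh window.
K_TRACKED = 2
FLIP_THRESHOLD = 1000

def trr_window(activations, k=K_TRACKED):
    """Model one refresh window: return (row counts, rows refreshed by TRR)."""
    counts = Counter(activations)
    tracked = [row for row, _ in counts.most_common(k)]   # limited tracking slots
    refreshed = set()
    for row in tracked:
        refreshed.update({row - 1, row + 1})             # refresh the neighbours
    return counts, refreshed

def victim_flips(activations, victim, k=K_TRACKED, threshold=FLIP_THRESHOLD):
    """True if a double-sided hammer of `victim` survives the tracker."""
    counts, refreshed = trr_window(activations, k)
    if victim in refreshed:
        return False      # the mitigation restored the victim's charge in time
    return all(counts[a] >= threshold for a in (victim - 1, victim + 1))

def uniform_pattern(victim, n):
    """Classic double-sided pattern: both aggressors get the same n activations."""
    return [victim - 1, victim + 1] * n

def non_uniform_pattern(victim, n, other_rows, n_other):
    """Aggressors get n activations while other rows are hit n_other times each,
    so a top-K tracker with too few slots spends them on the busier rows."""
    pattern = [victim - 1, victim + 1] * n
    for row in other_rows:
        pattern += [row] * n_other
    return pattern

if __name__ == "__main__":
    v = 100
    print("uniform, K=2:", victim_flips(uniform_pattern(v, 1500), v))
    p = non_uniform_pattern(v, 1500, [200, 300], 2000)
    print("non-uniform, K=2:", victim_flips(p, v))
    print("non-uniform, K=4:", victim_flips(p, v, k=4))
```

The uniform pattern is caught, the non-uniform one is not, and only raising the tracker's capacity (here K=4) closes the gap in this model, which is the capacity-versus-pattern trade-off the paper's results expose.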
Proprietary, undocumented in-DRAM TRR is currently the only mitigation that stands between Rowhammer and attackers who exploit it in various scenarios such as browsers, cell phones, the cloud and even over the network. In this article we show how deviations from known uniform Rowhammer access patterns enable attackers to flip bits on all 40 recently acquired DDR4 DIMMs, 2.6 times more than the prior art. The effectiveness of these new non-uniform patterns in circumventing TRR underscores the need for a more principled approach to countering Rowhammer.
The effects of previous Rowhammer demonstrations were grave. In one case, researchers were able to gain unrestricted access to all of physical memory by flipping bits in the page table entry that maps memory addresses. The same research also showed how untrusted applications can gain root privileges. In another case, the researchers used Rowhammer to extract a 2048-bit encryption key from memory.
Razavi and Jattke said that one of their students was able to use the new approach to reproduce the crypto-key attack, and simulations suggest that the other attacks are possible too. The researchers did not fully implement the previous attacks due to the considerable technical effort involved.
The researchers implemented the non-uniform access patterns with a specially designed “fuzzer”, software that finds errors by automatically feeding semi-random, malformed inputs to hardware or software. The researchers then pointed Blacksmith, as they called the fuzzer, at a variety of DDR4 modules from manufacturers that together make up about 94 percent of the DRAM market.
For our evaluation, we considered a test pool of 40 DDR4 devices from the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We ran our Blacksmith fuzzer for 12 hours to assess its ability to find effective patterns. Then we swept the best pattern (based on the total number of bit flips triggered) over a contiguous memory area of 256 MB and reported the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices from [two unnamed manufacturers].
We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack that targets the page frame number of a page table entry (PTE) in order to pivot it to a page table page controlled by the attacker, an attack on a 2048-bit RSA public key, which allows recovery of the associated private key used to authenticate with an SSH host, and an attack on the sudoers.so library’s password checking logic that allows one to become root.
Representatives from Micron, Samsung, and Hynix did not respond to emails asking for comments on this post.
Gradually gain speed
PCs, laptops and cell phones are hardest hit by the new findings. Cloud services like AWS and Azure remain largely safe from Rowhammer because they use high-end chips that include a defense called ECC, short for Error Correcting Code. The protection works by using so-called memory words to store redundant check bits alongside the data bits within the DIMMs. CPUs use these words to quickly identify and repair flipped bits.
ECC was originally designed to protect against a naturally occurring phenomenon in which cosmic rays flip bits in new DIMMs. After Rowhammer’s appearance, the importance of ECC grew when it turned out to be the most effective defense. Studies published in 2018 showed, however, that contrary to the opinion of many experts, ECC could be bypassed once the mitigation in DDR3 DIMMs had been reverse engineered.
“DDR4 systems with ECC will likely be more exploitable after the ECC functions have been reverse engineered,” Razavi and Jattke said.
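To show what the redundant check bits buy and where their guarantee ends, here is a toy single-error-correct, double-error-detect (SEC-DED) Hamming code over a 64-bit word, added here as an illustration; real memory controllers use their own vendor-specific codes, and this is not one of them. It corrects any single flip, detects any double flip, and silently miscorrects a chosen triple flip.

```python
# Toy SEC-DED Hamming code for a 64-bit data word (added illustration, not a
# vendor's ECC). Index 0 holds the overall parity bit; positions 1..71 form the
# Hamming codeword, with check bits at the powers of two and data elsewhere.
DATA_BITS = 64
CHECK_BITS = next(r for r in range(1, 16) if 2 ** r >= DATA_BITS + r + 1)  # 7
TOTAL = DATA_BITS + CHECK_BITS + 1                 # 72 bits incl. overall parity
DATA_POS = [p for p in range(1, TOTAL) if p & (p - 1)]   # non-powers of two

def _covered_parity(bits, mask):
    """Parity of every position whose index has bit `mask` set."""
    return sum(bits[p] for p in range(1, TOTAL) if p & mask) & 1

def encode(data):
    """Place data bits, compute the check bits, then the overall parity bit."""
    bits = [0] * TOTAL
    for i, p in enumerate(DATA_POS):
        bits[p] = (data >> i) & 1
    for r in range(CHECK_BITS):                    # check bit 2^r is 0 here, so
        bits[1 << r] = _covered_parity(bits, 1 << r)   # this covers data only
    bits[0] = sum(bits) & 1                        # make the whole word even
    return bits

def decode(bits):
    """Return (status, data) with status 'ok', 'corrected' or 'uncorrectable'."""
    bits = list(bits)
    syndrome = sum(1 << r for r in range(CHECK_BITS) if _covered_parity(bits, 1 << r))
    even = sum(bits) % 2 == 0
    if syndrome == 0 and even:
        status = "ok"
    elif syndrome == 0:                            # only the parity bit disagrees
        bits[0] ^= 1
        status = "corrected"
    elif not even and syndrome < TOTAL:            # odd flips: syndrome names a bit
        bits[syndrome] ^= 1
        status = "corrected"
    else:                                          # even flips: detect, don't guess
        return "uncorrectable", None
    return status, sum(bits[p] << i for i, p in enumerate(DATA_POS))

def flip(bits, *positions):
    """Copy of the codeword with the given positions inverted (constructed faults)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

if __name__ == "__main__":
    cw = encode(0x0123456789ABCDEF)
    print(decode(flip(cw, 10)))                    # single flip: corrected
    print(decode(flip(cw, 3, 5)))                  # double flip: detected
    print(decode(flip(cw, 3, 5, 6)))               # triple flip: "corrected", wrong data
```

The last call returns status "corrected" with the wrong word: three flips whose positions XOR to zero look like a single parity-bit error, which is the class of silent miscorrection the 2018 results relied on.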
In addition to Razavi and Jattke from ETH Zurich, the research team also includes Victor van der Veen from Qualcomm, Pietro Frigo from VU Amsterdam and Stijn Gunter. The title of their paper is BLACKSMITH: Scalable Rowhammering in the Frequency Domain.
The researchers also cited their earlier TRR research and results, showing that operating chips in double refresh mode is a “weak solution that does not provide full protection” against Rowhammer. The researchers also said that doubling the refresh rate increases power draw and energy consumption.
The picture emerging from this latest research is that Rowhammer is not yet a major threat in the real world, but the incremental advances in attacks over the years could one day change that.
“In summary, our work confirms that DRAM vendors’ claims about Rowhammer protection are false and lure you into a false sense of security,” the researchers write. “All the defensive measures currently in use are not sufficient to provide complete protection against Rowhammer. Our novel patterns show that attackers can exploit systems more easily than previously thought.”