Somewhere in Google HQ, a group of security analysts spends days and nights trying to counter the hacking technique that broke every security model ever implemented.
It has been four years since Rowhammer surfaced.
Security can be compromised by minuscule mistakes or vulnerabilities. Google understood this, but not before suffering through the Heartbleed security crisis of 2014.
Heartbleed
Amidst the thousands of transactions that happen between web apps and their servers, there is one seemingly non-threatening request called the Heartbeat, used primarily to confirm that a connection between the two machines still exists.
This is done using a simple verification. The server sends an encrypted message to the machine, and the machine sends the same message back to the server.
The request contains information about its own length (generally whether the data is 40KB or 64KB long). The vulnerability was identified when the server claimed that there was 40KB of data present in the message, while less than 40KB of data was actually sent.
Crucially, this gap of a few bytes led to one of the biggest exposures of network vulnerability, with major players like Yahoo and Google losing sensitive information.
When the machine sends the 20KB message (claiming to be 40KB) back to the server, it sends the 20KB of data it received along with whatever 20KB of data was stored next to the heartbeat buffer. That other 20KB could be passwords, usernames or any other sensitive information.
Although the attacker might not know what he would find in the remaining 20KB of data, ‘sensitive information being exposed’ was the biggest takeaway.
Why did this happen?
OpenSSL, which implemented the TLS/SSL protocol that carried the heartbeat request, had a serious flaw nobody noticed.
Only whether a message was received back from the machine was verified, not whether the exact same message was received.
Aptly named Heartbleed, this crucial flaw cost a lot. Google realized there could be many other vulnerabilities lurking in software and networks that neither the companies nor the attackers knew about.
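To make the over-read concrete, here is an added example (written for this page, not OpenSSL's code) that models the heartbeat record layout from RFC 6520, a type byte, a two-byte payload length, the payload and padding, inside a constructed bytearray that stands in for process memory. The vulnerable handler copies as many bytes as the length field claims; the fixed handler first checks that the claimed length fits inside the record that actually arrived, which is the check OpenSSL's patch added. The secrets placed after the record are constructed sample data.

```python
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16          # RFC 6520 requires at least 16 bytes of padding


def build_record(payload: bytes, claimed_len: int) -> bytes:
    """Heartbeat record: type (1 byte), payload_length (2 bytes, big-endian),
    payload, padding. `claimed_len` is what the sender writes in the length
    field; an honest sender sets it to len(payload)."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING


def vulnerable_heartbeat(mem: bytearray, record_len: int) -> bytes:
    """Pre-patch behaviour: copies `claimed` bytes starting at the payload,
    trusting the peer-controlled length field. In C the memcpy walks off the
    end of the record into whatever sits next to it on the heap."""
    hb_type, claimed = struct.unpack_from("!BH", mem, 0)
    if hb_type != HB_REQUEST:
        raise ValueError("not a heartbeat request")
    payload = bytes(mem[3:3 + claimed])          # may run past record_len
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload


def fixed_heartbeat(mem: bytearray, record_len: int) -> Optional[bytes]:
    """Post-patch behaviour: the claimed length plus header and minimum
    padding must fit inside the record actually received; otherwise the
    request is silently discarded."""
    if record_len < 1 + 2 + MIN_PADDING:
        return None
    hb_type, claimed = struct.unpack_from("!BH", mem, 0)
    if hb_type != HB_REQUEST:
        raise ValueError("not a heartbeat request")
    if 1 + 2 + claimed + MIN_PADDING > record_len:
        return None
    payload = bytes(mem[3:3 + claimed])
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload


def demo() -> dict:
    """Constructed scenario: a 4-byte payload whose length field claims 4096,
    followed in memory by unrelated data that happens to be adjacent."""
    secrets = b"session=9f3a;user=alice;password=hunter2;"   # constructed
    lying = build_record(b"PING", 4096)
    mem = bytearray(lying + secrets)
    honest = build_record(b"PING", 4)
    return {
        "vulnerable": vulnerable_heartbeat(mem, len(lying)),
        "fixed": fixed_heartbeat(mem, len(lying)),
        "honest": fixed_heartbeat(bytearray(honest + secrets), len(honest)),
    }


if __name__ == "__main__":
    r = demo()
    print("vulnerable response payload:", r["vulnerable"][3:])
    print("fixed response to lying request:", r["fixed"])
    print("fixed response to honest request:", r["honest"][3:])
```

The vulnerable response echoes the padding and the adjacent bytes after the real four-byte payload, which is exactly the "20KB of whatever was stored next to the buffer" described above; the fixed version answers honest requests normally and drops the lying one.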
Project Zero
They came to a conclusion: assemble a team of security experts, give them all the resources they need, and let these analysts loose to find vulnerabilities in the software people use.
Once a vulnerability is identified, it is communicated only to the affected company, with the agreement that if the issue isn’t fixed with a patch within 90 days, the vulnerability will be disclosed to the public.
These cyber bounty hunters have a simple objective: identify possible zero-day vulnerabilities before attackers do, thereby giving the vulnerable companies a chance to safeguard their data.
They went on to identify Rowhammer, a threat that could manipulate electric charge in physical memory to corrupt data in unimaginable ways.
This team from across the globe was named Project Zero.
Rowhammer
Zero-days are vulnerabilities in software, hardware or firmware that were previously unknown. Heartbleed was a zero-day before it was fixed. So was Rowhammer.
Rowhammer is not a gap in a safeguard like Heartbleed. It is more of a side effect that went over everyone’s heads. To understand Rowhammer, some basic understanding of physical memory is required. This gets a bit into basic electronics, because this is one of the few threats that operate on the physics of storage.
There are many types of Random Access Memory, of which Dynamic RAM (DRAM) is the one commonly used in devices. DRAM is built from semiconductor cells on the circuit board; each of these is called a memory cell.
Every bit of data stored occupies a separate cell. The cell holds a 1 or a 0 using a capacitor: when the capacitor is charged, the bit is 1, otherwise it is 0. Capacitors lose their charge over time, and when they do, the bit value changes, more commonly called a bit flip. This is why all the cells need to be rewritten periodically, a process called refreshing.
DRAMs have improved over the years. The cells are smaller, which means more cells, and the electromagnetic interactions between cells grow rapidly. While this sounds good, it also means the scope for data loss or data corruption is massive. Because of the high cell density in newer DRAM designs, the interactions between cells sometimes randomly change the value of a neighboring cell. This is called a disturbance error.
Among DRAMs there is a specific type called DDR3 SDRAM. A paper by Yoongu Kim and colleagues looked into the possibility of bit flips in it and introduced the world to Rowhammer in 2014.
When a row is accessed, this is called row activation. Every time a row of memory cells is activated, an unintended side effect is a voltage fluctuation. When the memory cells in a row are repeatedly accessed (hammered), the voltage fluctuation causes the capacitor of a cell in a neighboring row to discharge rapidly. This discharge leads to a bit flip.
The cell now contains the value 0 when it should have held 1. This is the victim cell.
Project Zero Exploits- 2015
Project Zero jumped in on this. They ran a number of tests and realised that after approximately 139,000 accesses of a row, a disturbance error could be caused in 1 in every 1,700 cells. Naturally, they decided to dive in and see how much could be made of this.
There are multiple ways to select a victim row. To cause bit flips, one needs to activate neighboring rows that lie in the same bank as the target. Apart from random memory selection, identifying uncached addresses using a timer, or mapping physical addresses, they found a more targeted and successful approach.
When a single row is hammered, a cell gets victimized. What happens when the two rows above and below the victim row are hammered at the same time? The victim row shows more disturbance errors. This is called double-sided hammering.
The 2014 paper had predicted the hijacking of systems using these targeted bit flips. Project Zero made it a reality. They ran two tests: the NaCl test and a standard privilege-escalation exploit, where a bug is used to gain access to resources that are normally out of bounds for the user.
They succeeded in both the tests.
Test 1: Sandbox Escape
Google’s Native Client (NaCl) is a sandbox for running executables. The aim of Project Zero’s experiment was to see whether the Rowhammer effect could be exploited to escape the sandbox and gain privileges by issuing syscalls. The test involves filling 250MB with jump instructions. These are indirect jumps, all targeted at safe addresses inside the sandbox.
Then the hammering begins.
A cache-flushing instruction called CLFLUSH is used on the code area, which is continuously observed for any bit flips that could modify the jumps. The modified indirect jumps could then be used to call shellcode and gain privileges. This specific exploit has been dealt with by disallowing the CLFLUSH instruction in NaCl code, but researchers are coming up with ways to trigger Rowhammer without using CLFLUSH.
Test 2: Kernel Privilege Escalation
This second exploit had a different objective, one with implications for Linux hypervisors. It ran as an unprivileged Linux process on an x86 architecture, and the objective was to leverage Rowhammer to gain unrestricted access to all physical memory.
The crucial part of the exploit was the page table entry (PTE). A PTE maps a page of virtual memory to a page of physical memory. By combining the Rowhammer effect with spraying a certain sequence of bytes at target locations, a bit flip in a PTE could be achieved. With this bit flip, access to all physical memory was straightforward. Since the Linux kernel was bypassed in this exploit, it is entirely possible to bypass Linux-based hypervisors without any mitigations at all.
Within 300 seconds of starting the Rowhammer code, the exploit was successful.
Since then, every news piece on Rowhammer has been about how an exploit succeeded, or how an exploit can never be mitigated unless an anti-Rowhammer mechanism is built into the device.
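Why a single flipped bit in a PTE is so powerful is easier to see from the entry's layout. The following is an added example, not Project Zero's exploit code: it decodes a constructed x86-64 4KiB-page PTE using the architectural field positions (present, writable, user, accessed, dirty and no-execute flags, physical frame number in bits 12..51) and reports what one flipped bit does to the mapping. The `frame_in_range` check at the end is a toy invariant for illustration, not something the Linux kernel actually performs.

```python
FLAG_BITS = {0: "present", 1: "writable", 2: "user",
             5: "accessed", 6: "dirty", 63: "no_execute"}
PFN_LO, PFN_HI = 12, 51                         # physical frame number bits
PFN_MASK = (1 << (PFN_HI - PFN_LO + 1)) - 1

# Constructed PTE: present, user-readable, not writable, not executable,
# backed by physical frame 0x1a2b3 (physical address 0x1a2b3000).
EXAMPLE_PTE = (1 << 63) | (0x1a2b3 << PFN_LO) | 0b0010_0101


def decode_pte(pte: int) -> dict:
    """Split a PTE into its permission flags and physical frame number."""
    fields = {name: bool((pte >> bit) & 1) for bit, name in FLAG_BITS.items()}
    fields["pfn"] = (pte >> PFN_LO) & PFN_MASK
    return fields


def flip_bit(value: int, bit: int) -> int:
    """Model a Rowhammer disturbance error: exactly one bit changes."""
    return value ^ (1 << bit)


def flip_effect(pte: int, bit: int) -> tuple:
    """Classify what a flip at `bit` does to the mapping and describe it."""
    before, after = decode_pte(pte), decode_pte(flip_bit(pte, bit))
    if bit in FLAG_BITS:
        name = FLAG_BITS[bit]
        return ("permission", f"{name}: {before[name]} -> {after[name]}")
    if PFN_LO <= bit <= PFN_HI:
        return ("frame", f"pfn 0x{before['pfn']:x} -> 0x{after['pfn']:x}")
    return ("other", "caching/ignored bit: permissions and frame unchanged")


def frame_in_range(pte: int, usable_frames: int) -> bool:
    """Toy invariant check (illustrative only): a PTE should point at a
    frame the owner was actually given. A flip in a high PFN bit sends the
    mapping far outside that range, the kind of corruption that memory
    integrity mechanisms such as ECC exist to catch."""
    return decode_pte(pte)["pfn"] < usable_frames


if __name__ == "__main__":
    print("original:", decode_pte(EXAMPLE_PTE))
    for bit in (1, 2, 12, 40, 63):
        print(f"flip bit {bit:2d}: {flip_effect(EXAMPLE_PTE, bit)}")
    print("frame still in range after flipping bit 40:",
          frame_in_range(flip_bit(EXAMPLE_PTE, 40), 1 << 20))
```

Flipping bit 1 turns a read-only page writable, flipping bit 63 makes a data page executable, and flipping any bit in the frame-number field silently redirects the virtual page to a different physical frame; if that frame happens to hold a page table, the process can now edit its own mappings, which is the path to "all physical memory" described above.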
Drammer- October 2016
“Until recently, we never even thought about hardware bugs…”
After the successful exploits by Project Zero and the failure to find any real mitigation, more news broke: an app called Drammer, built by academics, could gain root access on Android phones. The app can root phones from major players like Samsung, Moto and OnePlus. But the researchers could never figure out why they got inconsistent results. There were many parameters to be factored in: the suppliers of the memory cells, the age of the device and the resulting wear and tear of its cells, and so on. When they submitted their findings to Project Zero, the team was given a bounty of 4,000 dollars. The researchers realized that only by large-scale tracking and observation of Drammer’s behavior on a variety of devices would they be able to understand the true nature of Rowhammer’s impact. Immediately after receiving their report, Google assigned the tag “Highly Critical” to a vulnerability that was now going beyond the understanding of security domain experts.
Flip Feng Shui- August 2016
“We can reliably corrupt the memory of a target VM in a highly precise and controlled way. Scientifically, this is our contribution—we show for the first time it is possible to effect this seemingly random corruption on data anywhere in the software stack in a highly precise and controlled way.” - Ben Gras, one of the Vrije Universiteit Amsterdam researchers
The team behind Drammer also came up with Flip Feng Shui. While traditional feng shui aims to create harmony at home, Flip Feng Shui positions sensitive data at physical memory locations that are susceptible to Rowhammer, thus creating turmoil. In their experiments, they created an attacker VM that could gain unauthorized access to target VMs on the same cloud host using a bit flip. To accomplish the exploit, they need to know the public keys of the target VMs. Flip Feng Shui creates a bit flip in a specific part of the public key, making the key easier for the attacker to decipher and thus derive the private key. All that is left is to make the target VM accept the altered public key as its own. Since the private key is already available, gaining SSH access is the next logical step. All of this is possible only if memory deduplication is used on the cloud host, so that the same pages are shared between multiple VMs. The researchers also came up with a variety of defense measures against possible Rowhammer attacks in the future.
Throwhammer- May 2018
“Thus far, Rowhammer has been commonly perceived as a dangerous hardware bug… In this paper, we have shown that Rowhammer is much more dangerous and also allows for remote attacks in practical settings” - Researchers at Vrije Universiteit Amsterdam & University of Cyprus
This was more of an experiment: a glimpse of a new breed of attackers. The exploit targeted a memory-cache server, a server used to improve the performance of a website by reducing the number of times the database is accessed. Throwhammer uses data packets to initiate the hammering. Remote Direct Memory Access (RDMA), which allows devices to read and write the memory of other devices without involving the CPU or other resources, is used to trigger the exploit. The attacker needs to register a large amount of memory (a buffer) on the NIC of the target. Then begins a rapid assault of requests from multiple buffer locations in quick succession. What follows is a precise double-sided Rowhammer attack on the target. The bits flip. The attacker succeeds.
GLitch- May 2018
The team from Drammer struck again, this time using GPUs instead of relying on CPUs. The whole exploit had been hanging on a big “if”, because its preliminary requirement was that a malicious app already be installed on the phone. GLitch, named to highlight the graphics library, runs by hosting malicious JavaScript in the web browser and hacks the Android phone from there. All of this executes in under 120 seconds. With this, the attacker can spy on the user’s browsing data and steal credentials.
In the four years since the term Rowhammer came to light, many different causes of these attacks have been identified, while the mitigation measures have not really lived up to the scope of the threat. The problem lies in the hardware. Every software patch ever created against Rowhammer can neutralize only that specific attack. Rowhammer can take many forms. It is constantly evolving, and security experts hope to catch up with it before severe damage is done across the world.
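Returning to the Flip Feng Shui section above: the reason one flipped bit in a stored public key matters is that the modulus stops being a product of two large primes the attacker cannot find, and becomes a number whose factorization they can recover. This added example (written for this page, not the Vrije Universiteit researchers' code) shows that on a constructed 32-bit toy modulus built from two 16-bit primes, small enough to factor by trial division offline, and pairs it with the cheap defender-side check the page's defense discussion points toward: fingerprint the key bytes when they are loaded and compare before every use, so a flipped key is refused rather than trusted.

```python
import hashlib

P, Q = 65521, 65537              # constructed toy primes (real keys use ~1024-bit primes)
N = P * Q                        # the public modulus as it sits in memory


def trial_factor(n: int) -> list:
    """Complete factorization by trial division; feasible only because n is tiny."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2
    if n > 1:
        factors.append(n)
    return factors


def flip_bit(n: int, bit: int) -> int:
    """Model a single Rowhammer-induced bit flip in the stored modulus."""
    return n ^ (1 << bit)


def flip_survey(n: int) -> dict:
    """For every single-bit corruption of n, record the prime factors of the
    result. Once the factorization of the corrupted modulus is known, a
    matching private key can be built for it, which is the Flip Feng Shui
    observation; for a real-size modulus, most single flips leave a number
    with several small factors instead of two huge ones."""
    return {bit: trial_factor(flip_bit(n, bit)) for bit in range(n.bit_length())}


def fingerprint(n: int) -> str:
    """SHA-256 of the key bytes, recorded once when the key is loaded."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def key_intact(n_in_memory: int, recorded_fp: str) -> bool:
    """Defender-side check to run before each use of the key: a flipped
    bit changes the fingerprint, so the corrupted key is never trusted."""
    return fingerprint(n_in_memory) == recorded_fp


if __name__ == "__main__":
    fp = fingerprint(N)
    print("original modulus factors:", trial_factor(N))
    for bit, factors in sorted(flip_survey(N).items()):
        print(f"flip bit {bit:2d}: {len(factors)} prime factors, largest {max(factors)}")
    corrupted = flip_bit(N, 17)
    print("fingerprint check passes on corrupted key:", key_intact(corrupted, fp))
```

The survey prints, for each possible flip, how the modulus falls apart; the fingerprint comparison is the mitigation side, and is the kind of integrity check that memory deduplication across VMs makes necessary, since the attacker controls when the shared page gets hammered but cannot forge a hash of the original bytes.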