JavaScript exploit for DDR4 attacks created


Researchers from Vrije Universiteit Amsterdam and ETH Zurich have developed a new variation of the Rowhammer attack and named it SMASH (Synchronized MAny-Sided Hammering). The attack can be carried out through JavaScript in a browser and is dangerous even for modern DDR4 memory.

Let me remind you that the original Rowhammer attack was devised back in 2014 by researchers from Carnegie Mellon University. In essence, acting on memory cells in a certain way can cause electromagnetic radiation to affect neighboring cells and change the values of the bits in them.


Initially, Rowhammer attacks only worked locally, but by 2016 the technique had been improved, and Rowhammer was adapted to work remotely using JavaScript (for example, in a browser). In general, both DDR3 and DDR4 memory can be vulnerable to Rowhammer, and researchers have also managed to adapt the attack against Microsoft Edge and Linux virtual machines. There is even a variation of Rowhammer that poses a threat to Android devices, and researchers have learned how to increase the effectiveness of attacks using video cards.

Of course, modern memory uses Target Row Refresh (TRR) as a protection – a combination of various software and hardware patches created over the years. But last year, researchers already warned that TRR could be bypassed locally and demonstrated a TRRespass attack.

Now specialists from Vrije Universiteit Amsterdam and ETH Zurich have presented the SMASH attack, which builds on the ideas of TRRespass. That is, the new method is also aimed at bypassing TRR, but now remotely, via JavaScript and a browser. The researchers regret to state that many modern DDR4 modules are still vulnerable to Rowhammer.

In a video, the experts showed how SMASH can slowly perform arbitrary reads and writes to memory using Firefox (81.0.1) on Ubuntu 18.04 with Linux kernel 4.15.0-111-generic. This could potentially lead to the execution of malicious code, and the experts say that in this way they can “completely compromise the Firefox browser in 15 minutes.”

“Our work confirms that the Rowhammer problem continues to threaten Internet users. To make matters worse, our study of synchronization mechanisms shows that an attacker has even more control than previously thought. That is, it will be even more difficult to build the proper protection against Rowhammer, which we need while the problem is urgent,” say the authors of SMASH.

