Rowhammer Redux: ‘Blacksmith’ Fuzzing—Panic Now?

Researchers have cast serious doubt on claims that modern DRAM is safe against Rowhammer bit-flip attacks. By fuzzing the patterns used to attack the memory, they’ve demonstrated escalation of privilege and stolen private keys.

They call their technique Blacksmith. Ironically, it exploits a vulnerability in a key anti-Rowhammer mitigation, known as Target Row Refresh (TRR). By using patterns of varying frequencies, phases and amplitudes, they successfully targeted modern DDR4 DRAM made by Micron, Samsung and SK Hynix.
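To make the frequency/phase/amplitude idea concrete, here is a small C simulation added for this page. It is not the researchers' Blacksmith fuzzer and not any vendor's TRR: it models one bank of 64 rows behind an idealised tracker that can refresh the neighbours of its two most-activated rows once per refresh interval. The accesses-per-interval figure, the flip threshold, the tracker design, the row numbers and all helper names are assumptions made for illustration. A uniform double-sided pattern is mitigated, while a non-uniform pattern that keeps the tracker busy with two high-frequency decoy rows lets the low-frequency, amplitude-2 pair around row 11 accumulate enough hammers across the window to flip.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of one DRAM bank behind a TRR-style mitigation, plus a hammer
 * pattern generator parameterised the Blacksmith way (frequency = period,
 * phase, amplitude). Everything here is an assumption made for illustration:
 * the idealised tracker, the thresholds and the accesses-per-tREFI figure are
 * not any vendor's TRR, and real attacks also need physical row addresses,
 * cache flushing and DRAM timing that this model ignores. */

#define ROWS              64
#define ACCESSES_PER_REFI 128    /* row activations per refresh interval (assumed) */
#define REFI_PER_WINDOW   8192   /* refresh intervals per 64 ms refresh window */
#define FLIP_THRESHOLD    50000  /* hammers on a victim row before a bit flips (assumed) */
#define TRR_BUDGET        2      /* neighbourhood refreshes TRR may issue per tREFI */
#define MAX_PATTERN       1024

typedef struct { int row, period, phase, amplitude; } aggressor_t;

/* Expand one base period of `base_len` slots into a row-access sequence.
 * In slot i, every aggressor whose (i - phase) is a multiple of its period
 * is activated `amplitude` times in a row. Returns the sequence length. */
int build_pattern(const aggressor_t *ag, int nag, int base_len, int *out) {
    int n = 0;
    for (int i = 0; i < base_len; i++)
        for (int a = 0; a < nag; a++)
            if (i >= ag[a].phase && (i - ag[a].phase) % ag[a].period == 0)
                for (int k = 0; k < ag[a].amplitude && n < MAX_PATTERN; k++)
                    out[n++] = ag[a].row;
    return n;
}

/* Replay the pattern for one refresh window. Every activation of row r
 * hammers r-1 and r+1. Returns the first victim row whose hammer count
 * reaches FLIP_THRESHOLD, or -1 if the mitigation held for the whole window. */
int simulate(const int *pattern, int plen) {
    long hammers[ROWS] = {0};   /* hammers on each row since its last refresh */
    int count[ROWS];            /* activations per row in the current tREFI */
    long pos = 0;
    for (int refi = 0; refi < REFI_PER_WINDOW; refi++) {
        memset(count, 0, sizeof count);
        for (int i = 0; i < ACCESSES_PER_REFI; i++) {
            int r = pattern[pos++ % plen];
            count[r]++;
            for (int v = r - 1; v <= r + 1; v += 2) {
                if (v < 0 || v >= ROWS) continue;
                if (++hammers[v] >= FLIP_THRESHOLD) return v;
            }
        }
        /* At the REF command the tracker refreshes the neighbours of the
         * TRR_BUDGET most-activated rows it saw during this interval. */
        for (int b = 0; b < TRR_BUDGET; b++) {
            int best = -1;
            for (int r = 0; r < ROWS; r++)
                if (count[r] > 0 && (best < 0 || count[r] > count[best])) best = r;
            if (best < 0) break;
            count[best] = 0;
            if (best > 0)        hammers[best - 1] = 0;
            if (best < ROWS - 1) hammers[best + 1] = 0;
        }
    }
    return -1;   /* the regular refresh at the end of the window resets every row */
}

/* Classic uniform double-sided hammering: rows 10 and 12 alternate every slot,
 * so the tracker always sees them as the two hottest rows and refreshes row 11. */
int run_uniform(void) {
    aggressor_t ag[] = { {10, 2, 0, 1}, {12, 2, 1, 1} };
    int pat[MAX_PATTERN];
    int n = build_pattern(ag, 2, 64, pat);
    return simulate(pat, n);
}

/* Non-uniform pattern: two decoy rows at high frequency (period 2) soak up the
 * tracker's budget every interval, while the real pair around row 11 appears
 * only every 32 slots (low frequency) but with amplitude 2, so its victim is
 * never refreshed by TRR and its hammer count accumulates across the window. */
int run_nonuniform(void) {
    aggressor_t ag[] = {
        {20, 2, 0, 1}, {30, 2, 1, 1},        /* decoys */
        {10, 32, 0, 2}, {12, 32, 16, 2},     /* real double-sided pair */
    };
    int pat[MAX_PATTERN];
    int n = build_pattern(ag, 4, 64, pat);
    return simulate(pat, n);
}

int main(void) {
    printf("uniform double-sided: first flipped row = %d\n", run_uniform());
    printf("non-uniform pattern:  first flipped row = %d\n", run_nonuniform());
    return 0;
}
```

The point of the toy is the shape of the search space, not the numbers: a tracker with a fixed per-interval budget and a preference for the hottest rows can be starved by the right mix of frequency and amplitude, and Blacksmith's contribution was to fuzz those parameters against real, undocumented TRR implementations instead of guessing them.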

But is this something to worry about? In today’s SB Blogwatch, we dig in and find out.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Ladybugs.

Let’s Blame Intel (Again)

What’s the craic? Bill Toulas reports—“New Rowhammer technique bypasses existing DDR4 memory defenses”:

Remains to be seen
The emergence of this new Blacksmith method demonstrates that today’s DDR4 modules are vulnerable to exploitation, allowing a variety of attacks to be conducted. [It] can bypass all software-based security mechanisms, leading to privilege escalation, memory corruption, and more.

To prove that this is exploitable in real-world scenarios, the team performed test attacks that allowed them to retrieve private keys … used to authenticate to an SSH host. [They] further found that while using ECC DRAM will make exploitation harder, it will not defend against all Rowhammer attacks.

Newer DDR5 DRAM modules are already available. … In DDR5, Rowhammer may not be as much of a problem … but that remains to be seen.

Yikes. Thomas Claburn waxes poetic—“When the world ends, all that will be left are cockroaches and new Rowhammer attacks”:

Doesn't have much to show for its efforts
The vulnerability, tracked as CVE-2021-42114 with a severity of 9 out of 10, means that pretty much any shared workload on physical hardware is potentially susceptible. … Scheduled to appear at the IEEE Symposium on Security and Privacy 2022, [it] has been encapsulated in a fuzzer called Blacksmith, that’s been released on GitHub.

The researchers conclude that despite efforts to mitigate rowhammer, the situation now is worse than when the technique was first discovered — triggering bit flips on DDR4 DIMMs is easier than prior hardware and is likely to remain so. … An organization called JEDEC (Joint Electron Device Engineering Council) has been developing memory specifications to mitigate rowhammer attacks, but so far doesn’t have much to show for its efforts.

And Dan Goodin adds, “DDR4 memory protections are broken wide open”:

Incremental advances in attacks
PCs, laptops, and mobile phones are most affected by the new findings. Cloud services such as AWS and Azure remain largely safe from Rowhammer because they use higher-end chips that include a defense known as ECC, short for Error Correcting Code.

The picture that emerges from this latest research is that Rowhammer still doesn’t pose much of a real-world threat now but that the incremental advances in attacks made over the years could one day change that.

All of which gives ctilsie242 pause:

For any long computations, ECC RAM is a must. Why haven't we moved to ECC RAM across the board, and not just server CPUs? It would not just render these attacks useless, but also provide more reliable computing day to day.

Why ask why? devin3782 thinks the answer’s obvious:

The only way to do parity
Blame Intel for disabling it on their consumer CPUs. I use ECC memory on my Ryzen CPU as it is supported—i.e., it works but it doesn’t seem to report bit flip corrections.

I know many say DDR5 has ECC, but that's only on the memory IC—it isn't true ECC. … The only way to do parity is end-to-end, so the CPU verifies what it has received from memory.

As does eqvinox, regardless of Rowhammer:

Shame on Intel for still walling off desktop CPUs from ECC. … Bit flips that are getting more and more common as the RAM cells are getting tinier and tinier, the stored charges ever smaller and smaller, and thus susceptible to flipping.

But, of course, there’s ECC and then there’s ECC. Here’s xoa, with more:

Maybe they fail too
Worth keeping in mind that “ECC” is one of those very broad umbrella terms and that it shouldn’t be used in a security discussion without a lot more qualification. The most common cheap single-bit Hamming or TMR isn’t going to act the same way as something like IBM’s multibit correction Chipkill (or equivalents) or potential multi-bit systems using something like Reed–Solomon.

Maybe they fail too, or maybe this is just a case where manufacturers can’t be quite so cheap going forward and need to offer better protection. At any rate, low hanging fruit to try out.

And DamnOregonian agrees:

Will eventually be broken
ECC has been broken for Row Hammer since 2018. This was always going to be the case, and adding a parity bit was never going to offer anything but an increased-time-to-exploit.

The Row Hammer mitigation strategy for DDR4 (TRR) is old. Older than DDR4. It's been supplanted by RFM in DDR5. That's the best protection to continue to mitigate the inherent vulnerability of DRAM to row hammering.

Encryption alone does the trick pretty well. But only for now. … Even hardware encryption will eventually be broken by some kind of side channel.
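For the ECC point xoa and DamnOregonian are making, here is an added C illustration, not any DIMM's or memory controller's actual code: a textbook Hamming SECDED(72,64) encoder and decoder. The bit layout, the helper names and the test word are assumptions made for this example. One flipped bit is corrected, two are detected but not corrected, and three carefully placed flips pass the decoder as a clean "correction" with the data still wrong, which is why a single-bit-correct, double-bit-detect code raises the bar against Rowhammer rather than removing the problem.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified Hamming SECDED(72,64): 64 data bits, 7 Hamming check bits and
 * one overall parity bit. Positions 1..71 of the codeword carry data and
 * check bits (check bits sit at the powers of two); position 0 carries the
 * overall parity. This layout is an added illustration, not the actual code
 * used by any DIMM or memory controller. */

#define CW_BITS 72

typedef struct { uint8_t bit[CW_BITS]; } codeword_t;   /* one byte per bit, for clarity */

enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 };

static int is_check_pos(int p) { return p > 0 && (p & (p - 1)) == 0; }

/* Encode 64 data bits into a codeword. */
codeword_t secded_encode(uint64_t data) {
    codeword_t cw;
    memset(&cw, 0, sizeof cw);
    int d = 0;
    for (int p = 1; p < CW_BITS; p++)
        if (!is_check_pos(p)) cw.bit[p] = (data >> d++) & 1;
    /* Check bit 2^i is the parity of every data position with bit i set. */
    for (int i = 0; i < 7; i++) {
        int par = 0;
        for (int p = 1; p < CW_BITS; p++)
            if (((p >> i) & 1) && !is_check_pos(p)) par ^= cw.bit[p];
        cw.bit[1 << i] = par;
    }
    int all = 0;
    for (int p = 1; p < CW_BITS; p++) all ^= cw.bit[p];
    cw.bit[0] = all;   /* overall parity over positions 1..71 */
    return cw;
}

static uint64_t extract_data(const codeword_t *cw) {
    uint64_t data = 0;
    int d = 0;
    for (int p = 1; p < CW_BITS; p++)
        if (!is_check_pos(p)) data |= (uint64_t)cw->bit[p] << d++;
    return data;
}

/* Decode: returns ECC_OK / ECC_CORRECTED / ECC_UNCORRECTABLE and writes the
 * data word the controller would hand to the CPU into *out. */
int secded_decode(codeword_t cw, uint64_t *out) {
    int syndrome = 0, all = 0;
    for (int p = 1; p < CW_BITS; p++)
        if (cw.bit[p]) syndrome ^= p;
    for (int p = 0; p < CW_BITS; p++) all ^= cw.bit[p];
    int status;
    if (syndrome == 0 && all == 0) {
        status = ECC_OK;
    } else if (all == 1) {
        /* Odd number of flipped bits: the decoder assumes exactly one.
         * syndrome == 0 here means "only the parity bit flipped". */
        if (syndrome < CW_BITS) {
            if (syndrome != 0) cw.bit[syndrome] ^= 1;
            status = ECC_CORRECTED;
        } else {
            status = ECC_UNCORRECTABLE;   /* syndrome points outside the codeword */
        }
    } else {
        status = ECC_UNCORRECTABLE;       /* even number of flips (>= 2): detected only */
    }
    *out = extract_data(&cw);
    return status;
}

/* Flip the listed codeword positions (simulating Rowhammer bit flips) and
 * decode. Returns the decoder's verdict; *out receives the data it delivers. */
int flip_and_decode(uint64_t data, const int *positions, int n, uint64_t *out) {
    codeword_t cw = secded_encode(data);
    for (int i = 0; i < n; i++) cw.bit[positions[i]] ^= 1;
    return secded_decode(cw, out);
}

/* Scenario helpers: flip the first `nflips` of positions 3, 5, 6 (all data
 * positions, chosen so that 3 ^ 5 ^ 6 == 0) in the codeword of a fixed test word. */
static const uint64_t DEMO_WORD = 0xDEADBEEFCAFEBABEULL;
static const int DEMO_POS[3] = {3, 5, 6};

int demo_status(int nflips) {
    uint64_t out;
    return flip_and_decode(DEMO_WORD, DEMO_POS, nflips, &out);
}

uint64_t demo_delivered(int nflips) {
    uint64_t out;
    flip_and_decode(DEMO_WORD, DEMO_POS, nflips, &out);
    return out;
}

int main(void) {
    for (int n = 0; n <= 3; n++)
        printf("%d flip(s): status %d, delivered %016llx\n", n, demo_status(n),
               (unsigned long long)demo_delivered(n));
    return 0;
}
```

With three flips the syndrome cancels and the overall parity is odd, so the decoder reports a harmless single-bit correction while delivering a word that differs from the original in three bits. That silent-miscorrection case is the one to keep in mind when someone says "ECC" without saying which code; a Chipkill-class or Reed-Solomon scheme behaves differently from this one.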

Meanwhile, I think you ought to know nickcw’s feeling very depressed:

I guess it shows just how close to the edge of not working our modern computing environment is.

And Finally:

Well. This is … something

Hat tip: kettinwirk-praxis

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Alvaro Calvo (via Unsplash)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

