Google Security Researchers Managed To Hack PCs Through Their RAM
If you've read some of my previous stories, then you know how many times I've said that no system is 100% secure. In case you needed more proof, security researchers from Google have managed to write an attack code which creates entry points into a system by rewriting binary values on DRAM memory. As far as official records go, this is the first program of the kind to ever be created.
The code was tested on 30 laptops manufactured between 2010 and now, all of them using DDR3 memory. Even though it only worked on some of the devices, this can still escalate into a major security issue. For obvious reasons, the analysts chose not to disclose the models and brands of the PCs that were subjected to the attack. Mark Seaborn, software engineer with Google, wrote: "We don’t know for sure how many machines are vulnerable to this attack, or how many existing vulnerable machines are fixable". The code used was based on a paper written a year ago which described how, by using a process called bit flipping, a hacker could use electrical interferences to change the binary values (by repeatedly accessing neighboring memory cells).
The scientists involved in the research used an improved version of bit flipping (named rowhammering) and repeatedly accessed a row of memory cells in order to change their values. Once that was successful, the security engineers were able to escalate the privileges of their code beyond the sandbox it was running in, which made it possible to directly access the operating system. A second version of the code used the same rowhammering technique to gain kernel-level privileges. As soon as that part was done, the code gained the ability to read and write all the laptop's physical memory.
If you're still looking for a bit of good news, the only one I got is that preliminary tests have shown the newest type of DRAM, DDR4, to be much resilient to this type of attacks than DDR3. However, we will only know for sure once the research is complete.
..and you're on a roll today)