How all Your Intel Computers and Intel Cars are Vulnerable

Researchers show how to remotely exploit the DRAM “Rowhammer” bug by using JavaScript

Security researchers believe that the cyber attackers could adapt the existing Rowhammer exploits to their attack techniques and easily gain root privileges to the computer.

A team of Austrian and French security researchers have now discovered a new security exploit which they refer as “Rowhammer”. As per the researchers this vulnerability can be exploited remotely by using JavaScript.

The team claims this to be the first remote software-induced hardware fault attack.

The downside here is that it is a hardware flaw and not a software flaw, thus it could be present in any computer which has the Intel Processor built since 2009.

The next bad news is that hackers can exploit this flaw through any webpage.

Researchers say that there is a design defect in the Intel’s ‘Dynamic Random Access Memory’ or DRAM chips which provides an easy access to the malicious hackers who are just waiting for the right opportunity to attack the user and collect their personal credentials.

The security researchers say that memory cells in DRAM chips are placed closely, this is done to increase the capacity and decrease the size. However it is this particular placing of the memory cells which leads to the vulnerability, because it becomes difficult to prevent the cells from electrically interacting with each other and repeated access of specific memory locations results in bit flips which can be exploited by the hackers for privilege escalation.

Websites usually have the JavaScript codes which aids in easy navigation of the site. It is due to the JavaScript coding that users can get access to the interactive tools such as drop-down menus and animations, so we can say that JavaScript is ubiquitous and can be found on almost all the websites on the Internet.

Now, coming back to our topic, these malicious hackers use the JavaScript coding on the websites to get an access to the security vulnerability in the DRAM chips present in the Intel computer chips.

Next, hackers amalgamate the animations or images with their malware and just wait patiently for the user to click this file. Once user clicks the malicious animation or image, the crooks get an easy access to their computer.

The research paper published last week reads “Rowhammer.js is possible because today’s JavaScript implementations are well optimized and achieve almost native code performance for our use case. JavaScript is strictly sandboxed and the language provides no possibility to retrieve virtual or physical addresses. However, the usage of large pages allows determining parts of the physical address.”

Proof-of-Concept (PoC)

The team of security researchers comprising of Daniel Gruss Graz from University of Technology, Austria, Cl´ementine Maurice Technicolor, Rennes, France and Stefan Mangard Graz University of Technology, Austria have published a detailed Proof-of-Concept on the Rowhammer bug which can be accessed here.

Now, Windows as well as Mac computers use Intel chips, which means any computer holds the risk of getting infected by the hackers at any point of time.

Another bad news is that there is no patch, as of now, to fix this issue!

Researchers say that the flaw is not related to the Web server or search engine; however it is something to do with the hardware and internal parts of the computer. Hence, the only solution for now would be to actually replace millions of DRAM chips which are present in the CPU of the computer.

Hopefully, Intel is working to get some solution to this issue soon.

For now, Apple and other hardware manufacturers have released BIOS updates to reduce the Rowhammer attacks.

However, it is a fact that most of the users never update the BIOS and hence the security experts have advised the browser vendors to incorporate certain mechanisms in their products which will protect users against the Rowhammer attacks.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s