
With the adoption of information technology, the field of cyber security is seeing an upward trend. It is very important for everyone to be aware of the vulnerabilities that exist and to be secured against them. A vulnerability is a weakness or flaw in an asset that lets an attacker gain unauthorised access to that asset. It is a cybersecurity term that refers to a flaw in a system which leaves it open to attack. Vulnerabilities can be categorised into 2 types: Software Based and Hardware Based Vulnerabilities. Software Based vulnerabilities are common and mostly well known. The causes of these vulnerabilities are:

·       Software flaws


·       Faulty configurations

·       Weak passwords

·       Human error.

A Hardware Based vulnerability is an unexpected flaw in a computer system that enables an attack through remote or physical access to the system hardware. Attacks that rely on Hardware Based vulnerabilities are very rare, so companies do not take them seriously, but these kinds of hardware vulnerabilities should be taken care of because they are looming. Modern processors have improved performance and functionality through added features, which also makes them complex and introduces critical security bugs that allow an attacker to bypass the security policy and get into the system. Hardware bugs affect nearly all modern processors, and hackers try to exploit the resulting vulnerabilities. Hardware threats and vulnerabilities are a serious concern for industry researchers and designers. It is very important to understand the causes of these vulnerabilities, the threats they pose and their impact on the organisation. Hardware threats are a new addition to the threat matrix, and they can be classified into 2 categories:

·       Exploit 1 or more vulnerabilities that exist in shipped products

·       Use or rewrite the firmware/content chip to spread malware.

These types of attacks require the most sophisticated attack techniques. They are easy to exploit, but once the exploitation is done it is very difficult to detect them and much harder to remove them; the latest anti-malware systems cannot detect a firmware-based vulnerability. This article showcases 3 different hardware vulnerabilities which have affected a lot of systems to date. Here we will compare these 3 vulnerabilities and look at each vulnerability, its causes and its remediation.

The 3 vulnerabilities are:

·       Rowhammer

·       Dirty Cow

·       Spectre and Meltdown

1.      Rowhammer (Bit Flip Hardware Vulnerability)

 

DATE OF ISSUE: 07/02/2015

CVE-ID: CVE-2015-3693

CVSS SCORE: 9.3

CRITICALITY: HIGH

EASE OF EXPLOITATION: HARD

IMPACT RADIUS: Devices with DRAM memory

REMEDIATION: AVAILABLE

 

Rowhammer is a type of cyber attack that is possible because of a vulnerability in DRAM (Dynamic Random-Access Memory). It allows an attacker to exploit devices with DRAM memory. The attacker exploits it by repeatedly accessing (hammering) a row of memory until it causes bit flips, where transistors in adjacent rows of memory reverse their binary state: ones turn into zeros and vice versa.

 

Before looking at the Rowhammer vulnerability, we will discuss how a computer works.

A computer has many different parts: input/output devices (keyboard, mouse, etc.), the CPU, and memory (hard disk, SSD, DRAM, RAM). A program is loaded from computer memory to the CPU and executed by the CPU, with many passes between the CPU and memory along the way. This is how the program runs, and it generates some output through an output device. There are many applications running together in the computer and the CPU switches between them; while doing so, the CPU stores part of each program in the internal memory called DRAM (Dynamic Random-Access Memory). The operating system shell also uses that same memory to store its data and code. So all the data and code are stored in the same memory, adjacent to each other. Data such as browser tabs, information about the current ongoing activity in the system and important OS data is stored in the same memory.

 

Now look at the way the memory works. DRAM is random access memory, that is, any data is randomly placed in any memory cell; for example, your data can be placed adjacent to the code that the operating system uses. How is the data stored in this memory? The data is stored in terms of bits, that is 0 and 1; any instruction or data is stored as 0s and 1s in the memory, i.e. the digital representation of data. The memory consists of tiny cells, each made of 1 transistor and 1 capacitor. If the capacitor holds a high charge the value is 1, otherwise it is 0. With this we can store any kind of data, program or media. In memory these bits are arranged in a matrix, as shown below:

[Figure: bits of memory arranged in a matrix]

If we want to retrieve information from 1 bit of memory, the DRAM retrieves an entire row and places it in a buffer, and the information is then read from that buffer. The D in DRAM stands for dynamic, which means that the charge placed on a capacitor starts to fade away after some time; it does not stay, so after the computer is shut down the data in DRAM gets wiped automatically. Hard disks and SSDs have special properties which allow all the data to be kept, so they are persistent and durable memory. For DRAM to be able to operate while the computer is running, these capacitors are recharged and refreshed from time to time; all of them get refreshed at whatever refresh rate is available in the DRAM.

 

There are certain things that can go wrong in DRAM. Consider the bits of memory shown in the figure below:

[Figure: bits of memory, with one row highlighted in green]

As shown in the figure, there is a row in green. Suppose that, for some reason, someone is continuously trying to retrieve that memory. When we retrieve data from memory it gets stored in a faster, tiny memory called cache. When this one row of memory is accessed again and again, it gets hammered, and because the row is hammered again and again while data is retrieved from it, the information gets leaked to the adjacent rows. What actually happens is that when we drain charge from one particular row, charge from adjacent cells leaks and some bits flip, so when we repeatedly access the same memory row it can leak bits to adjacent memory lines. For example, consider the following scenario:

Understanding the Rowhammer Attack:

[Figure: rows of memory. Legend: green = Owned by Chrome Data; yellow = OS data having admin privileges]

Consider that the row highlighted in green is owned by the Chrome browser, and the one highlighted in yellow holds OS data with admin privileges. This data gives admin privileges to a program, and a program with admin privileges can access a bigger part of the computer. The idea here is that the browser, its tabs and the scripts inside the memory are all code running on the computer, and they are all meant to be sandboxed away from the rest of the computer, which governs whether they can access your files. These controls are applied by the OS and the running program, and a little bit flip can change these permissions; flipping one bit can take over the program completely.
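
A simplified model of the behaviour described above, as an added example that is not part of the original article: one row is accessed repeatedly, its neighbours accumulate disturbance between refreshes, and a single flipped bit changes a privilege flag in the adjacent OS row. The flip threshold, the one-byte rows and the `ADMIN_BIT` flag are constructed assumptions, not real DRAM parameters.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROWS 8
#define FLIP_THRESHOLD 50000u /* constructed value, not a real DRAM parameter */
#define ADMIN_BIT 0x01u       /* hypothetical privilege flag stored in the OS row */

typedef struct {
    uint8_t  data[ROWS];      /* one byte stands in for a whole row of cells */
    uint32_t disturb[ROWS];   /* disturbance accumulated since the last refresh */
} dram_t;

/* Refresh recharges every capacitor, so accumulated disturbance is cleared. */
static void dram_refresh(dram_t *d) { memset(d->disturb, 0, sizeof d->disturb); }

/* Activating a row reads it into the row buffer and disturbs both neighbours. */
static uint8_t dram_activate(dram_t *d, int row) {
    for (int n = row - 1; n <= row + 1; n += 2) {
        if (n < 0 || n >= ROWS) continue;
        if (++d->disturb[n] == FLIP_THRESHOLD)
            d->data[n] ^= ADMIN_BIT;  /* the weakened cell flips its state */
    }
    return d->data[row];
}

/* Access `row` (the browser's row) `accesses` times, refreshing every
   `refresh_every` accesses (0 = never). Returns the adjacent OS row. */
uint8_t simulate(int row, uint32_t accesses, uint32_t refresh_every) {
    dram_t d;
    memset(&d, 0, sizeof d);
    if (row < 0 || row + 1 >= ROWS) return 0;
    for (uint32_t i = 1; i <= accesses; i++) {
        (void)dram_activate(&d, row);
        if (refresh_every && i % refresh_every == 0) dram_refresh(&d);
    }
    return d.data[row + 1];
}

int main(void) {
    printf("no refresh:        OS row = 0x%02x\n", simulate(3, 200000, 0));
    printf("refresh per 40000: OS row = 0x%02x\n", simulate(3, 200000, 40000));
    return 0;
}
```

In this model the flag in the OS row flips only when the neighbouring row is accessed more than the threshold number of times between two refreshes, which is why refreshing more often keeps the row intact.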

 

Impact of Rowhammer Vulnerability:

 

Desktop computers are not affected by the Rowhammer vulnerability. It does not appear to affect newer laptop computers. Only the Linux operating system, running on an x86-based architecture, is affected by the Rowhammer vulnerability. It has been shown that the vulnerability is present only on DDR3 memory.