Researchers exploit DDR3 vulnerability from the Web




Researchers have managed to exploit a bug in DDR3 memory with JavaScript. This allows any web page to flip bits in memory, even when the browser runs in a sandbox, where this should not be possible.

The bug, which Google researchers previously named Rowhammer, is not new, but Austrian and French researchers have now found a way to exploit it from a website. This is done by exploiting vulnerabilities in physical DDR3 memory.

The researchers built an attack that worked on a system with an Intel Haswell processor, from JavaScript running inside a browser sandbox. In addition, the researchers suspect that an attacker can gain root access to a system. They managed to exploit the bug in at least Firefox and Chrome.

The problem the researchers expose lies in the physical DDR3 memory. Because memory is manufactured at an ever smaller scale and memory cells sit ever closer together, the electric charge in memory bits can 'leak' into adjacent bits.

That this was possible was already known, but that it could also be done from a web page had not been shown before. The vulnerability is present in various models of DDR3 memory, but not in all memory: memory with error-correcting code does not suffer from it. DDR4 memory is also not vulnerable. For now it only concerns PCs, but the researchers believe that research into phones is needed because they contain a variant of DDR3 memory.

Because it is a physical vulnerability, software protections against attacks, such as sandboxing and data execution prevention, no longer work. As a result, a web page can inject its own code into memory and then execute it. That is a very serious vulnerability, especially since it cannot be fixed in software. Only a BIOS update could still provide some relief. However, it is difficult to build a concrete attack: even though bit flipping is possible, the flips also have to happen in the right order.

In this particular case there is a workaround that could limit the impact. JavaScript could be made to run more slowly to make the bug harder to exploit. In addition, the researchers recommend that users disable JavaScript, for instance through an extension like NoScript.

