Potentially disastrous Rowhammer bitflips can bypass ECC protections
In early 2015, researchers unveiled Rowhammer, a cutting-edge hack that exploits unfixable physical weaknesses in the silicon of certain types of memory chips to alter the data they store. In the 42 months that have passed since then, an enhancement known as error-correcting code (or ECC), available in higher-end chips, was believed to be an absolute defense against potentially disastrous bitflips that change 0s to 1s and vice versa.
Research published Wednesday has now shattered that assumption.
Dubbed ECCploit, the new Rowhammer attack bypasses ECC protections built into several widely used models of DDR3 chips. The exploit is the product of more than a year of painstaking research that used syringe needles to inject faults into chips and supercooled chips to observe how they responded when bits flipped. The resulting insights, along with some advanced math, allowed researchers in Vrije Universiteit Amsterdam's VUSec group to demonstrate that one of the key defenses against Rowhammer isn't sufficient.
A major milestone
Importantly, the researchers haven't demonstrated that ECCploit works against ECC in DDR4 chips, a newer type of memory chip favored by higher-end cloud services. They also haven't shown that ECCploit can penetrate hypervisors or secondary Rowhammer defenses. Nonetheless, the bypass of ECC is a major milestone that suggests that the threat of Rowhammer continues to evolve and can't easily be discounted.
"It has so far been assumed that ECC provides a strong protection against Rowhammer attacks," Kaveh Razavi, one of the VUSec researchers who developed the exploit, told Ars. "ECCploit shows for the first time that it is possible to mount practical Rowhammer attacks on vulnerable ECC DRAM."
In the research paper, the researchers wrote:
Rowhammer has evolved into a serious threat to computer systems, from the smallest mobile devices to very large clouds, but so far machinery with high-end memory with error correcting code (ECC) has been free from such attacks. This has been due to the complex challenge of reverse-engineering commodity ECC functions and, more importantly, to the narrow margins within which attackers must operate: multiple bits must flip in order to bypass the error-correcting functionality, but flipping the wrong number of bits may crash the system. Thus, many believed that Rowhammer on ECC memory, even if plausible in theory, is simply impractical. This paper shows this to be false: while harder, Rowhammer attacks are still a realistic threat even to modern ECC-equipped systems. This is particularly worrying, because all other existing defenses have already been proven insecure. Given the proliferation of Rowhammer vulnerabilities across a broad range of systems, we urgently need better defenses against these attacks.
To review, DDR memory is laid out in an array of rows and columns that are assigned in large blocks to various applications and operating-system resources. To protect the integrity and security of the entire system, each allocated chunk of memory is contained in a "sandbox" that can be accessed only by a given app or OS process.
As the physical dimensions of chips have shrunk over time, there is less space between each DRAM cell. The tight quarters threaten this security model because they make it increasingly hard to prevent a cell assigned to one app or process from interacting electrically with neighboring cells assigned to a different app or process.
Rowhammer exploits this physical weakness by rapidly accessing—or "hammering"—one or more carefully selected rows inside a vulnerable DIMM. By reading one or more "aggressor" rows of memory thousands of times a second, the exploit can reverse one or more bits in a "victim" location. When done with precision, Rowhammer can flip bits in ways that have major consequences for security, for instance, by allowing an untrusted app to gain full administrative rights, breaking out of security sandboxes or virtual-machine hypervisors, or rooting devices running the vulnerable DIMM.
ECC: Some restrictions apply
ECC works by using what are known as memory words to store redundant control bits next to the data bits inside the DIMMs. CPUs use these words to quickly detect and repair flipped bits. ECC was originally designed to protect against a naturally occurring phenomenon in which cosmic rays flip bits in newer DIMMs. After Rowhammer appeared, ECC's importance grew when it was demonstrated to be the most effective defense.
Until now, there has been little public knowledge about how ECC worked. The VUSec researchers spent months reverse-engineering the process, in part by using syringe needles to inject faults into chips and subjecting chips to a cold-boot attack. By extracting data stored inside the supercooled chips as they experienced the errors, the researchers were able to learn how computer memory controllers processed ECC control bits.
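To make the "narrow margins" concrete, here is an added illustration that is not code from the article or from VUSec: a toy single-error-correct, double-error-detect (SECDED) Hamming code over one byte, modelling the ECC word described above. It shows why one flip is repaired, two are flagged as uncorrectable (on a real server that typically raises a machine-check exception and halts the system), and a specific three-flip pattern is silently accepted as good data; the fault-injection helper, the sample byte and the flip positions are constructed, and real DIMMs use wider words and vendor-specific functions, which is exactly what the researchers had to reverse-engineer.

```python
# Toy SECDED over one data byte (added example; not the ECC used by any real DIMM).
# Positions 1..12 form a Hamming(12,8) code: parity bits at the powers of two,
# data bits elsewhere. Position 0 is an overall parity bit that upgrades
# single-error-correct to single-error-correct/double-error-detect.
DATA_POS = [3, 5, 6, 7, 9, 10, 11, 12]
PARITY_POS = [1, 2, 4, 8]

def encode(byte):
    """Return the 13-bit ECC codeword (list of 0/1) for one data byte."""
    bits = [0] * 13
    for i, pos in enumerate(DATA_POS):
        bits[pos] = (byte >> i) & 1
    for p in PARITY_POS:  # each parity bit covers every position sharing its power-of-two bit
        bits[p] = sum(bits[i] for i in range(1, 13) if i & p) % 2
    bits[0] = sum(bits[1:]) % 2  # overall parity over the whole Hamming word
    return bits

def decode(bits):
    """Decode as a memory controller would: returns ('ok'|'corrected'|'uncorrectable', byte)."""
    bits = list(bits)
    syndrome = 0
    for p in PARITY_POS:
        if sum(bits[i] for i in range(1, 13) if i & p) % 2:
            syndrome |= p  # syndrome names the position of a single flipped bit
    overall_odd = sum(bits) % 2
    if syndrome == 0 and not overall_odd:
        status = "ok"
    elif overall_odd:
        # Odd number of flips looks like one error: "repair" the named position
        # (syndrome 0 means the overall parity bit itself). Three flips land here too.
        bits[syndrome] ^= 1
        status = "corrected"
    else:
        status = "uncorrectable"  # even flip count, nonzero syndrome: detected, cannot fix
    return status, sum(bits[pos] << i for i, pos in enumerate(DATA_POS))

def simulate_flips(byte, flip_positions):
    """Constructed fault injection: flip codeword positions, then decode.
    Returns (status, decoded_byte, silent) where silent means the controller
    reported success yet handed back the wrong data."""
    word = encode(byte)
    for pos in flip_positions:
        word[pos] ^= 1
    status, out = decode(word)
    return status, out, status != "uncorrectable" and out != byte

if __name__ == "__main__":
    for flips in ([5], [5, 6], [3, 5, 6]):  # one, two and three flipped bits
        print(flips, simulate_flips(0xA5, flips))
```

The three-flip case uses positions whose indices XOR to zero, so the syndrome vanishes and the decoder blames the overall parity bit; this is the kind of pattern ECC cannot distinguish from a harmless single-bit error.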
Dan Goodin