Project Zero, the team of security experts Google assembled last year to find cybersecurity threats, has detailed what some are describing as one of the more impressive hardware hacks in recent memory (no pun intended).
Google became aware of an issue known as rowhammer through a paper published last year called Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors.
As described in a blog post by self-professed sandbox builder and breaker Mark Seaborn, rowhammer is a consequence of DRAM cells getting smaller and packed closer together over the years. The term describes an effect in which repeatedly accessing ("hammering") one row of memory can cause bit flips in physically adjacent rows. Only a few short lines of code are needed to generate bit flips.
The Project Zero team performed tests on a selection of readily available x86 laptops and discovered that a large subset of machines exhibited rowhammer-induced bit flips. All of the machines in question were produced between 2010 and 2014 and used DDR3 DRAM.
They are quick to point out, however, that their sample size was not large enough to be considered representative and that a negative result on a given machine doesn’t rule out the possibility of it being susceptible to rowhammer.
The team said the exploit can be used to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. The process was able to induce bit flips in page table entries (PTEs) and, as Seaborn added, it was able to use this to gain write access to its own page table, and hence read-write access to all physical memory.
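To make concrete why a single flipped bit in a page table entry matters, here is an added example, not code from the article or from Project Zero, that models an x86-64 PTE and classifies what one disturbance-induced bit flip does to it. The PTE field layout (present, R/W, U/S and NX flag bits, physical frame number in bits 12 to 51) is the architectural one for 4 KiB pages; the sample entry value and the frame number in it are constructed. It does not hammer memory; it only shows that most bit positions in a PTE either redirect the mapping to a different physical frame or change its permissions, which is the property the privilege escalation described above relies on.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* x86-64 4 KiB page-table entry layout (architectural flag positions). */
#define PTE_PRESENT   (1ULL << 0)
#define PTE_RW        (1ULL << 1)
#define PTE_USER      (1ULL << 2)
#define PTE_NX        (1ULL << 63)
#define PTE_PFN_MASK  0x000FFFFFFFFFF000ULL   /* bits 12..51: physical frame */

/* Decoded view of one entry. */
typedef struct {
    uint64_t pfn;        /* physical frame number (physical address >> 12) */
    bool present, writable, user, nx;
} pte_view;

typedef enum {
    FLIP_PRESENCE,       /* entry becomes (un)mapped */
    FLIP_REMAPS_FRAME,   /* mapping now points at a different physical frame */
    FLIP_CHANGES_PERMS,  /* R/W, U/S or NX changed */
    FLIP_OTHER           /* accessed/dirty/ignored bits: no mapping change */
} flip_effect;

pte_view decode_pte(uint64_t pte) {
    pte_view v;
    v.pfn      = (pte & PTE_PFN_MASK) >> 12;
    v.present  = (pte & PTE_PRESENT) != 0;
    v.writable = (pte & PTE_RW) != 0;
    v.user     = (pte & PTE_USER) != 0;
    v.nx       = (pte & PTE_NX) != 0;
    return v;
}

/* Model a single disturbance error: exactly one bit of the entry inverts. */
uint64_t flip_bit(uint64_t pte, unsigned bit) {
    return pte ^ (1ULL << bit);
}

/* Classify the effect of flipping bit `bit` of `pte`. */
flip_effect classify_flip(uint64_t pte, unsigned bit) {
    pte_view before = decode_pte(pte);
    pte_view after  = decode_pte(flip_bit(pte, bit));
    if (before.present != after.present) return FLIP_PRESENCE;
    if (before.pfn != after.pfn)         return FLIP_REMAPS_FRAME;
    if (before.writable != after.writable ||
        before.user != after.user ||
        before.nx != after.nx)           return FLIP_CHANGES_PERMS;
    return FLIP_OTHER;
}

/* Count how many of the 64 bit positions would produce a given effect. */
unsigned count_flips_with_effect(uint64_t pte, flip_effect wanted) {
    unsigned n = 0;
    for (unsigned bit = 0; bit < 64; bit++)
        if (classify_flip(pte, bit) == wanted) n++;
    return n;
}

/* Constructed sample: a present, writable, user-accessible, non-executable
   data page mapped at physical frame 0x1a2b3 (a made-up frame number). */
#define SAMPLE_PTE (PTE_PRESENT | PTE_RW | PTE_USER | PTE_NX | (0x1a2b3ULL << 12))

int main(void) {
    static const char *names[] = {"presence", "remaps frame", "changes perms", "other"};
    printf("sample PTE: %#018llx\n", (unsigned long long)SAMPLE_PTE);
    for (unsigned bit = 0; bit < 64; bit++)
        printf("flip bit %2u -> %s\n", bit, names[classify_flip(SAMPLE_PTE, bit)]);
    printf("%u of 64 bit positions redirect the mapping to another frame\n",
           count_flips_with_effect(SAMPLE_PTE, FLIP_REMAPS_FRAME));
    return 0;
}
```

Running it shows that 40 of the 64 bit positions change the physical frame the entry points at, and three more change its permissions; only the present bit and the handful of status/ignored bits do anything else. A flip in the frame-number field is exactly what turns an ordinary user data page into an alias of some other physical page, which is why ECC memory or other integrity checking on page-table pages is the mitigation that matters here rather than anything at the software permission layer.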
It’s unclear at this time how many machines are vulnerable to the attack. What’s more, the team doesn’t know how many existing vulnerable systems can be fixed.