Friday, October 11, 2024
HomeComputer SecurityRowhammer based RAMBleed Attack Enables Hackers to Steal Data from Computer’s Physical...

Rowhammer based RAMBleed Attack Enables Hackers to Steal Data from Computer’s Physical Memory

Published on

Malware protection

RAMBleed is a new Rowhammerbased side-channel attack that enables an attacker to read out the physical memory associated with the other process.

Academic researchers Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss form Graz University and Yuval Yarom from University of Adelaide and Data 61 disclosed the attack method.

The RAMBleed attack is based on the previous Rowhammer attack, which lets the attacker flip the bit’s in the memory space of another process.

- Advertisement - SIEM as a Service

Rowhammer is a readability issue in DRAM that enables an attacker to flip bits in the memory space of other processes. “We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her memory, can deduce the values in nearby DRAM rows.”

The RAMBleed shifts that Rowhammer is not only a threat by integrity but also a threat in confidentiality level as well. Like ROwhammer it doesn’t require any flip bits, so it is effective against ECC memory commonly used by server computers.

By exploiting the vulnerability, attackers can retrieve any data stored in the computer’s physical memory. To demonstrate, researchers presented an end-to-end attack on OpenSSH 7.9 that extracts an RSA-2048 key from the root level SSH daemon.

RAMBleed exploits a physical phenomenon in DRAM DIMMs wherein the likelihood of a Rowhammer induced bit flip depends on the values of the bits immediately above and below it.

Any system that uses Rowhammer-susceptible DIMMs is vulnerable to RAMBleed attack. According to researchers may classes of computers vulnerable are to RAMBleed.

The positive sign is that the attack was not exploited in the wild, and the vulnerability can be tracked as CVE-2019-0174.

RAMBleed Mitigations

Users are recommended to upgrade with memory to DDR4 with targeted row refresh (TRR) enabled.

Manufacturers can mitigate the issue by more rigorously testing for faulty DIMMs.

BLEEDINGBIT – Two Bluetooth Chip-level Vulnerabilities Affected Millions of Enterprise Wi-Fi Access Point Devices

Critical Memory leak bug with Cloudflare leaks cookies, authentication tokens

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...