It is getting pretty damn scary just how many ways you can extract and move information. Do not assume anything is safe.PRACTICALLY EVERY WORD we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.
Over the last year and a half, security researchers have been doing exactly that: honing hacking techniques that break through the metaphor to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—in some cases targeting the actual electricity that comprises bits of data in computer memory. And at the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.
Breaking Assumptions
Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.
It’s messy. And mind-bending. And it works.
Rowhammer and similar attacks could require both hardware and software makers to rethink defenses based on purely digital models. “Computers, like all technologies really, are built in layers that make assumptions of one another. Think of a car, assuming its wheels roll and absorb shocks, and don’t melt into goop when they get wet,” says security researcher Dan Kaminsky, who found a fundamental flaw in the Internet’s domain name system in 2008. “What’s interesting about networked technology is the fact that those assumptions can be attacked.”
Forget Software—Now Hackers Are Exploiting Physics
Moderator: Moderators
- Sabre
- DCAWD Founding Member
- Posts: 21432
- Joined: Wed Aug 11, 2004 8:00 pm
- Location: Springfield, VA
- Contact:
Forget Software—Now Hackers Are Exploiting Physics
Wired
Sabre (Julian)
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
- ElZorro
- DCAWD Founding Member
- Posts: 5958
- Joined: Thu Aug 12, 2004 8:00 pm
- Location: USA! USA!
Re: Forget Software—Now Hackers Are Exploiting Physics
And of course, a quote from one-trick-pony Dan... I wonder if he'll just take over for Bruce naturally when Bruce dies or if they've pre-coordinated.
Jason "El Zorro" Fox
'17 Subaru Forester 2.0XT
DCAWD - old coots in fast scoots.
'17 Subaru Forester 2.0XT
DCAWD - old coots in fast scoots.