Archived This Computer Attack Is Amazing, Frightening, and Unlike Anything Else. Its Called Rowhammer. (slate.com)
submitted ago by chakan2
Posted by: chakan2
Posting time: 5.4 years ago on
Last edit time: never edited.
Archived on: 2/12/2017 1:51:00 AM
Views: 1288
SCP: 32
34 upvotes, 2 downvotes (94% upvoted it)
Archived This Computer Attack Is Amazing, Frightening, and Unlike Anything Else. Its Called Rowhammer. (slate.com)
submitted ago by chakan2
Sort: Top
[–] chakan2 [S] 0 points 14 points 14 points (+14|-0) ago
The fun stuff all happens on the 2nd page...if you're too lazy to click through, this is the awesome sauce.
[–] praguepride 0 points 5 points 5 points (+5|-0) ago
It's an interesting physical gimmick right now but you better believe "security" teams are testing the crap out of this to try and figure out remote control. I bet it'd be tailored towards a particular chip set/OS combination though for a remote hack because you would need to know how the data is physically being stored to know what to rowhammer.
HOWEVER as they speculate, if you could do this on a global level, you could raise huge numbers of bots without going through the effort of hacking. Insert your rowhammer into a website, give it a click-baiting title like "10 Celebrities Bare All" (You'll be surprised by #4) and then just sit back and if it works it works, if not no sweat.
Make some changes, give it a new click bait title and get more bots. Repeat over and over and over again and now you've got a smorgasboard of bots without ever really trying.
[–] tolstoshev 0 points 4 points 4 points (+4|-0) ago
That's fascinating - the boundary between hardware and software is always interesting.
[–] [deleted] 4 points -3 points 1 point (+1|-4) ago
[–] chakan2 [S] 0 points 15 points 15 points (+15|-0) ago
The language used isn't the interesting bit here...it's a physical exploit. That is bad ass...they're using the frequency of data writes to one sector to manipulate other unrelated sectors.
Think of it as running a magnet across the chip to wipe the bits...now...instead of a magnet I just start writing to one chip super fast to create that same field and manipulate stuff around it.
It's an awesome hack.
[–] Vespera 0 points 10 points 10 points (+10|-0) ago (edited ago)
I'm not sure you understood the article. The vulnerability in question is hardware oriented: they only used JavaScript to demonstrate it.
Rowhammer could theoretically be exploited by almost any computer process. It doesn't matter what software/language/operating-system is used. It is a CPU security hole - which is something that can't be fixed without a major BIOs update. Assuming one is provided, and the user is savvy enough to install it.
For now, it has only been demonstrated locally.
[–] praguepride 0 points 5 points 5 points (+5|-0) ago
Said someone who didn't read the article :P