Computer

Just as hackers exploit your PC’s RAM to steal you

What if we told you that there is a problem that affects more than 80% of the DRAM memory chips in the world and that turns each and every system today into a type of malicious attack. Well, this potential problem is present in all PCs and has become little more than a lie to the devil himself for memory manufacturers.

What is the Rowhammer?

We must start from the fact that a DRAM memory chip is made up of a matrix of bit cells where each one is made up of a transistor and a capacitor, which loses charge over time. So it is necessary to continuously recharge electrically so that the data is not lost. By standard and until the 2010s, each row of memory bits had a refresh time, which means to refresh the DRAM.

Well, the Spanish engineer Juan Gomez Lunais currently in the University of Zurichalong with his research team, discovered in 2014 a problem that they named Rowhammer and consists of:

  1. Yes, we access a row of bits continuously during the refresh time
  2. In the end it ends up happening that the information of the adjacent rows changes.

And what happens when the bits in a row of data are changed? Well, when changing the occasional zero for a one and vice versa, it ends up happening that the information is no longer the same, producing errors. said problem started to become noticeable in RAM from 2008 onwards, and it has been growing more and more. The manufacturer’s response? Given that a series of column or Rowhammer hammerings are necessary, less than 5000, the 64 milliseconds between refresh and refresh went from 32 milliseconds and in some cases even 16. Making the energy consumption in this part double and even quadruple.

rowhammer

Why is it a security issue?

By forcing changes to certain specific parts of memory, a malicious program can end up causing certain system security settings to be disabled. Let’s not forget that within the RAM there are two spaces, the one reserved for applications and the one for the operating system, and although we cannot access that part, we can make continuous accesses and cause the Rowhammer and voila, the door is open.

Imagine that someone wants to enter your house, you have the key turned and suddenly By tapping the lock due to the vibration, the mechanism would turn and the door would be open. Well, that is the problem we are talking about and it has become a very popular way for malicious application creators to access other people’s systems and steal data in recent years.

This problem appeared and the use of DRAM memory as potential caches in processors disappeared overnight for more than obvious reasons. The solution to this problem? The use of SRAM memory that does not need to be refreshed, but then the storage capacity of the RAM would drop to 1/4 or even 1/8 per memory chip, which would increase costs and be fatal for many applications.

morpheus

It is used in the world of homebrew consoles

Since it is necessary to have software signed by the manufacturer of a video game system to be able to run programs, being able to access the system’s RAM to find out how it works and see what is happening requires certain invasive methods that are different from the conventional ones.

Rowhammer PS Vita Homebrew

A very common trick is to connect a signal emitter to the memory pins that communicates with the RAM as if it were the processor in order to read its content, but also to know the functions of certain key parts of it. Thus, in order to access the most hidden parts of the system and carry out reverse engineering, a Rowhammer is externally provoked and in this way they can know which parts of memory are crucial in their challenge to break what for them is a puzzle.

And it is not only used in consoles, there are challenges from the big car manufacturers where they give millions to see how long it takes a person to be able to control a next-generation car. It is precisely in this market where most countermeasures to this problem have been developed. Given that with the rise of smart cars it is very dangerous that a third party can control it.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *