RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well.
RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes. We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows. Thus, RAMBleed turns Rowhammer from a threat to integrity alone into a threat to confidentiality as well. Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against the ECC memory commonly used by server computers.
We will present our paper titled "RAMBleed: Reading Bits in Memory Without Accessing Them" at the 41st IEEE Symposium on Security and Privacy in May, 2020.
Citation:
@inproceedings{kwong2020rambleed,
  author    = {Kwong, Andrew and Genkin, Daniel and Gruss, Daniel and Yarom, Yuval},
  title     = {RAMBleed: Reading Bits in Memory Without Accessing Them},
  booktitle = {41st {IEEE} Symposium on Security and Privacy (S\&P)},
  year      = {2020},
}
RAMBleed was discovered by the following joint team of academic researchers:
The trend towards increasing DRAM cell density and decreasing capacitor size over the past decades has given rise to a reliability issue known as Rowhammer. Specifically, repeated accesses to rows in DRAM can lead to bit flips in neighboring rows (not only the direct neighbors), even if these neighboring rows are not accessed.
Attackers can exploit these cross-process bit flips for a myriad of security breaches. Researchers have demonstrated how to abuse Rowhammer for privilege escalation, RSA modulus factorization, and more.
Previous attacks exploited the Rowhammer effect to write (or flip) bits in the victim's memory. RAMBleed is different in that it uses Rowhammer for reading data stored inside the computer's physical memory. As the physical memory is shared among all processes in the system, this puts all processes at risk.
While the end-to-end attack we demonstrated read out OpenSSH 7.9's RSA key, RAMBleed can potentially read any data stored in memory. In practice, what can be read depends on the victim program's memory access patterns.
There is nothing particularly vulnerable about OpenSSH; it was simply a convenient target to demonstrate RAMBleed's security implications. We don't recommend that you stop using SSH any more than we recommend that you stop using the internet.
RAMBleed relies on Rowhammer-induced bit flips to read privileged memory. As such, any system that uses Rowhammer-susceptible DIMMs is vulnerable. Previous research has demonstrated bit flips on both DDR3 and DDR4 with TRR (targeted row refresh) enabled. While we demonstrated our attack on a desktop machine and an ECC enabled server machine, Rowhammer attacks have been demonstrated against both mobile devices and laptops. As such, we suspect that many classes of computers are susceptible to RAMBleed.
No! RAMBleed uses bit flips as a read side channel, and as such does not require bit flips to be persistent. Instead, the attacker merely needs to know that a bit flip occurred; the secret information leaks regardless of whether or not ECC corrects the flip.
If ECC corrects the flip, how can the attacker determine whether or not a bit has flipped in her memory? The attacker can read her memory and use the ECC timing side channel to determine if the bit flipped. As described by Cojocar et al., when the hardware corrects the bit flip, a large delay is induced on that particular memory access. On our setup, we found an even stronger signal than previously reported, with a 1,000,000x slowdown over the common case.
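Because the RAMBleed variant against ECC servers relies on flips that the hardware corrects, each such flip is a correctable error that the memory controller reports. The following monitor, an added example that is not code from the RAMBleed authors, polls the Linux EDAC counters and flags a burst of corrected errors, which is the defender-side view of the same event. It assumes the kernel exposes per-controller counters at /sys/devices/system/edac/mc/mc<N>/ce_count and ue_count; the rate threshold and the sample readings are constructed for illustration and should be tuned to a host's measured baseline.

```python
"""Flag bursts of ECC-corrected errors from Linux EDAC counters.

Added example, not from the RAMBleed project. Assumption: on a Linux host
with ECC DIMMs and the EDAC subsystem loaded, each memory controller exposes
/sys/devices/system/edac/mc/mc<N>/ce_count (corrected errors) and
ue_count (uncorrected errors). Threshold and sample data are constructed.
"""
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

EDAC_ROOT = Path("/sys/devices/system/edac/mc")


@dataclass(frozen=True)
class EdacSample:
    t: float            # poll time, seconds since the epoch
    ce: Dict[str, int]  # corrected-error count per memory controller
    ue: Dict[str, int]  # uncorrected-error count per memory controller


def read_edac(now: float, root: Path = EDAC_ROOT) -> EdacSample:
    """Read the live counters (requires a Linux host with EDAC loaded)."""
    ce, ue = {}, {}
    for mc in sorted(root.glob("mc*")):
        ce[mc.name] = int((mc / "ce_count").read_text())
        ue[mc.name] = int((mc / "ue_count").read_text())
    return EdacSample(now, ce, ue)


def ce_rate(prev: EdacSample, cur: EdacSample) -> Dict[str, float]:
    """Corrected errors per second between two samples, per controller."""
    dt = cur.t - prev.t
    if dt <= 0:
        raise ValueError("samples must be strictly increasing in time")
    return {mc: (cur.ce.get(mc, 0) - prev.ce.get(mc, 0)) / dt for mc in cur.ce}


def alerts(samples: List[EdacSample], max_ce_per_sec: float = 0.1) -> List[str]:
    """One alert per controller/interval whose corrected-error rate exceeds
    max_ce_per_sec, plus one for any new uncorrected error.

    A sustained corrected-error rate far above the host's baseline is the
    signal a hammering workload leaves on ECC memory even though no data is
    ever corrupted (constructed threshold; calibrate per host)."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        window = f"between t={prev.t:.0f} and t={cur.t:.0f}"
        for mc, rate in ce_rate(prev, cur).items():
            if rate > max_ce_per_sec:
                out.append(f"{mc}: {rate:.2f} corrected errors/s {window}")
        for mc, count in cur.ue.items():
            if count > prev.ue.get(mc, 0):
                out.append(f"{mc}: uncorrected error(s) {window}")
    return out


# Constructed polls: a quiet hour, then one minute with 540 corrected errors on mc1.
SAMPLE_POLL = [
    EdacSample(0.0,    {"mc0": 3, "mc1": 0},   {"mc0": 0, "mc1": 0}),
    EdacSample(3600.0, {"mc0": 3, "mc1": 0},   {"mc0": 0, "mc1": 0}),
    EdacSample(3660.0, {"mc0": 3, "mc1": 540}, {"mc0": 0, "mc1": 0}),
]

if __name__ == "__main__":
    for line in alerts(SAMPLE_POLL):
        print(line)
```

In production the counters would come from `read_edac()` on a schedule (or from `edac-util`/`rasdaemon`, which read the same sysfs nodes); the constructed poll above yields a single alert for mc1 at 9 corrected errors per second.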
Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled. While Rowhammer-induced bit flips have been demonstrated on TRR, it is harder to accomplish in practice.
Memory manufacturers can help mitigate this issue by more rigorously testing for faulty DIMMs. Furthermore, publicly documenting vendor-specific TRR implementations will facilitate a stronger development process as security researchers probe such implementations for weaknesses.
We believe that it is very unlikely that any antivirus software on the market currently detects RAMBleed.
It is not possible for us to say definitively, but we believe it to be unlikely.
Rowhammer-induced bit flips are data dependent, i.e. a bit is more likely to flip when the bits above and below it have the opposite charge. This creates a data-dependent side channel, wherein an attacker can deduce the values of bits in nearby rows by observing bit flips in her own memory rows. Finally, as the data in nearby rows might belong to a different process, this leakage breaks the isolation boundaries enforced by the operating system.
To exploit this effect, we developed novel memory massaging techniques to carefully place the victim's secret data in the rows above and below the attacker's memory row. This causes the bit flips in the attacker's rows to depend on the values of the victim's secret data. The attacker can then use Rowhammer to induce bit flips in her own memory, thereby leaking the victim's secret data.
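To make the data dependency described in the two paragraphs above concrete, here is a small leakage model, added as an illustration and not code from the RAMBleed authors. It encodes the stated effect (a cell is more likely to flip when the neighbouring victim bits hold the opposite value) with two constructed probabilities, then computes with Bayes' rule how much an observer learns about a victim bit from a single flip observation and simulates the resulting guessing accuracy. The simplification that the same victim bit sits both above and below the observed cell, and the probability values, are assumptions, not measurements from the paper.

```python
"""Leakage model for data-dependent Rowhammer bit flips.

Added illustration, not the RAMBleed authors' code. Assumptions (constructed,
not measured): the victim bit v is stored directly above and below the
observed cell a; the cell flips with probability P_OPPOSITE when v != a and
with probability P_SAME when v == a; the victim bit is uniformly random.
"""
import random

P_OPPOSITE = 0.30  # constructed: flip probability when neighbours are opposite
P_SAME = 0.01      # constructed: flip probability when neighbours match


def flip_probability(a: int, v: int) -> float:
    """Probability that cell a flips given the victim bit v above and below it."""
    return P_OPPOSITE if a != v else P_SAME


def posterior_opposite(flipped: bool) -> float:
    """P(v != a | observation), with a uniform prior on v.

    A flip is strong evidence that the neighbours are opposite; the absence
    of a flip is weak evidence that they match."""
    like_opp = P_OPPOSITE if flipped else 1.0 - P_OPPOSITE
    like_same = P_SAME if flipped else 1.0 - P_SAME
    return like_opp / (like_opp + like_same)


def bits_leaked(flipped: bool) -> float:
    """Information about v (in bits) carried by one observation: the drop in
    binary entropy from the uniform prior (1 bit) to the posterior."""
    import math
    p = posterior_opposite(flipped)
    h = 0.0 if p in (0.0, 1.0) else -(p * math.log2(p) + (1 - p) * math.log2(1 - p))
    return 1.0 - h


def guess_accuracy(n: int, seed: int = 0) -> float:
    """Simulate n independent victim bits next to an attacker cell holding 0
    and guess v = 1 when a flip is seen, v = 0 otherwise. Returns the fraction
    of correct guesses from one observation per bit."""
    rng = random.Random(seed)
    a, correct = 0, 0
    for _ in range(n):
        v = rng.randint(0, 1)
        flipped = rng.random() < flip_probability(a, v)
        guess = 1 if flipped else 0
        correct += guess == v
    return correct / n


if __name__ == "__main__":
    print(f"P(opposite | flip)    = {posterior_opposite(True):.3f}")
    print(f"P(opposite | no flip) = {posterior_opposite(False):.3f}")
    print(f"bits leaked by a flip = {bits_leaked(True):.3f}")
    print(f"single-shot accuracy  = {guess_accuracy(20000):.3f}")
```

With these constructed rates a single observed flip makes "neighbours are opposite" about 97% likely, while no flip only mildly favours "neighbours match", so the expected single-shot guessing accuracy is 0.5 * P_OPPOSITE + 0.5 * (1 - P_SAME) = 0.645; the model shows why the leak is asymmetric and why the victim's bit reaches the attacker without any write to the victim's memory.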
Yes, see CVE-2019-0174.
Due to deficiencies in the memory modules, the RAM bleeds its contents, which we then recover through a side-channel.
All rights to the logo have been waived through CC0. Marina Minkin designed the logo.
This research was partially supported by Intel.