Tag Archive for: Rowhammer

Anti-tracking, rowhammer problems and IoT vulns [Podcast] – Naked Security

/in


How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer’s memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker “name:wreck”.

With Kimberly Truong, Doug Aamoth and Paul Ducklin.

Intro and outro music by Edith Mudge.

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.

WHERE TO FIND THE PODCAST ONLINE

You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Or just drop the URL of our RSS feed into your favourite podcatcher software.

If you have any questions that you’d like us to answer on the podcast, you can contact us at [email protected], or simply leave us a comment below.

Source…

Potentially disastrous Rowhammer bitflips can bypass ECC protections

/in
A DDR3 DIMM with error-correcting code from Samsung. ECC is no longer an absolute defense against Rowhammer attacks.

Enlarge / A DDR3 DIMM with error-correcting code from Samsung. ECC is no longer an absolute defense against Rowhammer attacks. (credit: Samsung)

In early 2015, researchers unveiled Rowhammer, a cutting-edge hack that exploits unfixable physical weaknesses in the silicon of certain types of memory chips to transform data they stored. In the 42 months that have passed since then, an enhancement known as error-correcting code (or ECC) available in higher-end chips was believed to be an absolute defense against potentially disastrous bitflips that changed 0s to 1s and vice versa.

Research published Wednesday has now shattered that assumption.

Dubbed ECCploit, the new Rowhammer attack bypasses ECC protections built into several widely used models of DDR3 chips. The exploit is the product of more than a year of painstaking research that used syringe needles to inject faults into chips and supercooled chips to observe how they responded when bits flipped. The resulting insights, along with some advanced math, allowed researchers in Vrije Universiteit Amsterdam’s VUSec group to demonstrate that one of the key defenses against Rowhammer isn’t sufficient.

Read 18 remaining paragraphs | Comments

Biz & IT – Ars Technica

Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

/in

The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device.
Threatpost | The first stop for security news

Android alert: This new type of rowhammer GPU attack can hijack your phone remotely

/in

  1. Android alert: This new type of rowhammer GPU attack can hijack your phone remotely  ZDNet

  2. New Rowhammer attack can be used to hack Android devices remotely  Help Net Security

    3. Full coverage

android security news – read more