Forums › Life › Computers, Gadgets & Technology › Computer Viruses, Trojans & Threats. › DRAM “Bitflipping” exploit for attacking PCs: Just add JavaScript
DRAM ?Bitflipping? exploit for attacking PCs: Just add JavaScript | Ars Technica UK
Original story on the original exploit is here.
Cutting-edge hack gives super user status by exploiting DRAM weakness | Ars Technica
Blog post on the Rowhammer.js explot.
Or install Kali Linux and get access to almost any exploit you could ever thinkk of.
Would using any operating system mitigate this? If this is javascript and it will run on almost 90% of browsers and it affects the DRAMI don’t see how it would. Maybe running the noscript extension would help.
Also isn’t KALI linux a port of backtrack for smartphones? I got a copy for my old nexus but never bothered installing it.
KALI is a custom Debian distro build for security research; you can use it to test for vulns across your network/systems (best to have permission first; but just this week I got that from the directors of my work).
The DRAM exploit is indeed feasible but takes a lot of effort and some knowledge of analoigue as well as digital circuitry and how it all interacts. the code would need to get the timings exactly right; and once it is able to alter the memory it must also know from somewhere if the CPU is i386/x-64 or ARM as the opcodes are all different.
from what I read it does also need a target machine with certain kinds of especially fast DRAM; plenty of CPU power+ user who won’t notice a browser hogging up way more memory than expected. perhaps middle class rich gamers/techies might be more vulnerable; old guys like me who learned to do things like split a byte into its individual 8 bits for flags (as there weren’t enough resources to use a whole byte for one flag) might be more likely to notice it.
I also suspect this kind of code could be unearthed by putting an AM transistor radio next to your computer; it will make even more rough noise than usual.- Also site using this exploit is equally likely to cause the browser on a lesser specified target machine to crash hard which will be soon noticed.
Hat tip to Rad for the Kali info; I have a recovered PC sat on my office floor which I was going to use for Linux multimedia but the sound card channels on alsamixer keep randomly changing making it quite unfit for such a purpose. its not quite powerful enough to make it worth installing Win7 on it and deploying to an end user and I have an entire switch on my office wall for VOIP basestations and some old XP PCs running a “pirate radio station for the seniors” so I can use this for my security testing box 😉
Just looked and it’s developed but the same 2 people that write, then got bored with Backtrack, plus another chap.
0
Voices
5
Replies
Tags
This topic has no tags
Forums › Life › Computers, Gadgets & Technology › Computer Viruses, Trojans & Threats. › DRAM “Bitflipping” exploit for attacking PCs: Just add JavaScript