Blacksmith Attack Uses Your Own RAM Against You
Blacksmith Attack Uses Your Own RAM Against You GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security
Corsair A new paper outlines a novel attack, dubbed Blacksmith, that can bypass device security by hammering a device's memory into a desired state. Published by Comsec, a security research group from the Department of Information Technology and Electrical Engineering at ETH Zürich, the paper describes a "Rowhammer" attack that slams memory with junk data to trigger a bit flip. Comsec's new twist on this attack, Blacksmith, can bypass protections used by DDR4 memory to guard against such attacks. "All devices that feature DRAM are likely vulnerable," Kaveh Razavi, an assistant professor at ETH Zürich and leader of Comsec, told Lifewire in an email.
Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire What Is an Intrusion Prevention System (IPS)? The 10 Best DDR4 RAM The Types of RAM That Run Today's Computers Windows Defender Security Center Review: Everything You Need to Know Opera vs. Google Chrome How to Unlock All Captured Memories in Zelda: Breath of the Wild How to Find and Use the Best Weapons in Zelda: BOTW How to Wipe a Hard Drive on a Dead Computer How to Beat Guardians in Zelda: BOTW Can Your Computer Use Newer, Faster Memory? The 10 Best RAM of 2022 How to Overclock RAM What Is DDR4 Memory? The 6 Best Antivirus Apps for iPhones in 2022 How to Make Your Own Barcode or QR Code What Is a Cyber Attack and How to Prevent One Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies
Blacksmith Attack Uses Your Own RAM Against You
Unpatchable attack circumvents security by attacking device memory
By Matthew S Smith Matthew S Smith Writer Beloit College Matthew S. Smith has been writing about consumer tech since 2007. Formerly the Lead Editor at Digital Trends, he's also written for PC Mag, TechHive, and others. lifewire's editorial guidelines Published on November 17, 2021 11:00AM EST Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming GamingKey Takeaways
Rowhammer can flip bits in RAM by hammering it with data.Blacksmith is a new form of the attack that bypasses DDR4's built-in protection.Though not found in the wild, the attack could be used against "high-value" targets.Corsair A new paper outlines a novel attack, dubbed Blacksmith, that can bypass device security by hammering a device's memory into a desired state. Published by Comsec, a security research group from the Department of Information Technology and Electrical Engineering at ETH Zürich, the paper describes a "Rowhammer" attack that slams memory with junk data to trigger a bit flip. Comsec's new twist on this attack, Blacksmith, can bypass protections used by DDR4 memory to guard against such attacks. "All devices that feature DRAM are likely vulnerable," Kaveh Razavi, an assistant professor at ETH Zürich and leader of Comsec, told Lifewire in an email.
Don t Worry Probably
The scope of the attack is staggering. When Razavi says "all devices," he really does mean "all devices." Comsec's testing, which included DDR4 memory samples from Samsung, Micron, and Hynix, was conducted on computers running Ubuntu Linux, but it could work against nearly any device that has DDR4. Despite its potential, most individuals don't need to worry about Blacksmith just yet. This is a sophisticated attack that requires significant skill and effort to have success. David Fillion / Getty Images "Given that easier attack vectors often exist, we think average users should not worry about this too much," said Razavi. "Different story if you are a news reporter or an activist (what we call a 'high-value target')." If you are a high-value target, your options are limited. Memory with built-in error correction (ECC) is more resistant, but not invulnerable, and also not available on most consumer devices. The best defense is to stay clear of any untrusted applications. Razavi also recommends using a browser extension that blocks JavaScript, as researchers have demonstrated JavaScript can be used to execute a Rowhammer attack.Circumventing Protections
Rowhammer itself is not a new attack. It was brought to light in a 2014 paper from Carnegie Mellon University and Intel Labels, titled "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors." That paper demonstrated the error in DDR3 memory. All devices that feature DRAM are likely vulnerable. DDR4 includes a protection, Target Row Refresh (TRR), meant to prevent Rowhammer by detecting an attack and refreshing memory before data corruption occurs. Blacksmith circumvents this by adjusting the attack to use non-uniform patterns that don’t trigger DDR4’s protection, reintroducing Rowhammer as a concern for newer devices thought to be secure. Still, not all memory is equally vulnerable. Comsec tested Blacksmith with three sample attacks on 40 samples of DDR4 memory. Some fell quickly to all three, others held out longer, and the best resisted two of the three sample attacks. Comsec’s paper does not name the specific memory modules tested.What s a Rowhammer Anyway
Blacksmith is a form of Rowhammer attack—but what is Rowhammer? Rowhammer takes advantage of the small physical size of memory cells in modern DRAM. These structures are so small that electrical current can leak between them. Rowhammer pummels DRAM with data that induces leakage and, in turn, can cause the bit value stored in memory cells to flip. A "1" can flip to a "0," or vice-versa. It's like a Jedi mind trick. One moment the device knows a user has only basic access. Then, with the flip of a bit, it believes the user has full administrator access. The device has no idea it was tricked because the attack altered its memory. Comsec And it gets worse. Rowhammer, like the Spectre vulnerability discovered in x86 processors, takes advantage of a physical characteristic of the hardware. That means it's impossible to patch. The only complete solution is to replace the hardware. The attack is stealthy, as well. "It will be very difficult to find traces of a rowhammer attack if it does happen in the wild since all the attacker needs to have is legitimate memory access, with some feng shui to make sure the system does not crash," said Razavi. There is a shred of good news, though. There's no evidence attackers outside a research environment are using Rowhammer. That could change at any time, however. "We have to invest in fixing this issue," said Razavi, "since these dynamics might change in the future."Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire What Is an Intrusion Prevention System (IPS)? The 10 Best DDR4 RAM The Types of RAM That Run Today's Computers Windows Defender Security Center Review: Everything You Need to Know Opera vs. Google Chrome How to Unlock All Captured Memories in Zelda: Breath of the Wild How to Find and Use the Best Weapons in Zelda: BOTW How to Wipe a Hard Drive on a Dead Computer How to Beat Guardians in Zelda: BOTW Can Your Computer Use Newer, Faster Memory? The 10 Best RAM of 2022 How to Overclock RAM What Is DDR4 Memory? The 6 Best Antivirus Apps for iPhones in 2022 How to Make Your Own Barcode or QR Code What Is a Cyber Attack and How to Prevent One Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies