New Rowhammer Attack Hijacks Android Smartphones Remotely
Credit to Author: Andy Greenberg| Date: Thu, 03 May 2018 10:00:00 +0000
Nearly four years have passed since researchers began to experiment with a hacking technique known as "Rowhammer," which breaks practically every security model of a computer by manipulating the physical electric charge in memory chips to corrupt data in unexpected ways. Since that attack exploits the most fundamental properties of computer hardware, no software patch can fully fix it. And now, for the first time, hackers have found a way to use Rowhammer against Android phones over the internet.
On Thursday, researchers in the VUSec research group at Vrije Universiteit in Amsterdam published a paper that details a new form of the Rowhammer attack they call "GLitch." Like previous versions, it uses Rowhammer's trick of inducing electric leaks in memory to change ones to zeros and vice versa in the data stored there, so-called "bit flips." But the new technique can allow a hacker to run malicious code on some Android phones when the victim simply visits a carefully crafted web page, making it the first ever remote, smartphone-targeted implementation of the Rowhammer attack.
"We wanted to see if Android phones were remotely vulnerable to Rowhammer, and we knew the usual techniques wouldn't work,' Pietro Frigo, one of the researchers who worked on the paper. "By triggering bit flips in a very specific pattern we can actually get control over the browser. We managed to get remote code execution on a smartphone."
Rowhammer attacks work by exploiting not just the usual abstract flaws in software, but also the actual physics inherent in how computers function. When a processor accesses the rows of minuscule cells that carry electric charges to encode data in ones and zeros, some of that electric charge can very occasionally leak out to a neighboring row, and cause another bit to flip from a one to zero, or vice versa. By repeatedly accessing—or "hammering"—the rows of memory on both sides of a target row, hackers can sometimes cause a specific, intended bit flip that changes the exact bit necessary to give them some new access to the system, then use that access to gain deeper control.
'Everyone was completely ignoring the GPU.'
Pietro Frigo, Vrije Universiteit
Researchers have pulled off remote Rowhammer attacks on laptops running Windows and Linux before, and more recently VUSec showed that the technique could work on Android phones, too, though only after the attacker had already installed a malicious application on the phone. But the ARM processors inside Android phones include a certain type of cache—a small portion of memory on the processor itself that keeps frequently accessed data handy for efficiency—that makes accessing targeted rows of memory difficult.
To get over that hurdle, the Vrije Universiteit team instead found a method of using the graphics processing unit, whose cache can be more easily controlled to let a hacker hammer target rows without interference. "Everyone was completely ignoring the GPU, and we managed to use it to build quite a fast, remote Rowhammer exploit on ARM devices when that was considered impossible," Frigo says.
The proof of concept attack the researchers created to demonstrate their technique takes about two minutes, from a malicious site loading their javascript in the browser to running code on the victim's phone. It can only run that code, however, within the privileges of the browser. That means it can potentially steal credentials or spy on browsing habits, but it can't gain deeper access without a hacker exploiting other bugs in the phone's software. And most importantly, for now it targets only the Firefox browser, and phones that run the Snapdragon 800 and 801 systems-on-a-chip—Qualcomm mobile components that includes both CPU and GPU. That means they've only proven it to work on older Android phones like the LG Nexus 5, HTC One M8, or LG G2, the most recent of which was released four years ago.
That last point may represent a serious limitation to the attack. But Frigo explains that the researchers tested older phones like the Nexus 5 simply because they had more of them around in the lab when they began their work in February of last year. They also knew, based on their previous Android Rowhammer research, that they could achieve basic bit-flips in their memory before attempting to write a full exploit. Frigo says that while their attack would have to be rewritten for different phone architectures, he expects that with additional reverse-engineering time it would work on newer phones as well, or against victims running other mobile browsers. "It requires some effort to figure out," says Frigo. "It might not work [on other software or architectures], or it might work even better."
To achieve their GPU-based Rowhammer attack, the researchers had to find a way to induce bit flips with a GPU and use them to gain deeper control of the phone. They found that foothold in a widely used browser-based graphics code library known as WebGL—hence the GL in GLitch. They used that WebGL code in their malicious site, along with a timing technique that allowed them to determine the location the GPU was accessing in memory by how quickly it returned a response, to force the GPU to load graphic textures that repeatedly "hammered" target rows of memory.
The researchers then exploited a quirk of Firefox in which numbers stored in memory that have a certain pattern of bits are treated not as mere data, but as a reference to another "object"—a container holding data controlled by the attacker—elsewhere in memory. By merely flipping bits, the attackers could transform numbers into references to data they controlled, allowing them to run their own code in the browser outside of javascript's usual restricted access.
When WIRED reached out to Google, the company responded by first pointing out, rightly, that the attack isn't a practical threat to the vast majority of users. After all, almost all Android hacking occurs via malicious apps that users install themselves, mostly from outside the Google Play Store, not from a bleeding edge exploit like Rowhammer. The company also said that it has tested the attack on newer phones and believes that their isn't nearly as susceptible to Rowhammer. On that point, the Dutch researchers counter that they were able to produce bit flips in a Pixel phone, too. While they haven't yet developed a fully functioning attack, they say the groundwork suggests that it's possible.
Regardless, Google says it has made software changes to Chrome to block the researchers' implementation of the attack in its own browser. "While this vulnerability isn’t a practical concern for the overwhelming majority of users, we appreciate any effort to protect them and advance the field of security research, overall," the company's statement reads. "We are not aware of an exploit, but the researchers’ proof-of-concept does show that web browsers can be a vector for this Rowhammer-style attack. We mitigated this remote vector in Chrome on March 13, and we are working with other browsers so they can implement similar protections.'"
Mozilla also tells WIRED it fixed one element of Firefox in its last release that makes determining the location of data in memory more difficult. While VUSec's Frigo says that didn't prevent VUSec's attack, Mozilla adds that it's planning a further update to prevent GLitch attacks in another update next week. "We will continue to monitor for any updates from hardware manufacturers to address the underlying issue and make changes accordingly," write a Mozilla spokesperson.
'The barriers to executing these kinds of attacks have been significantly reduced.'
Anders Fogh, GDATA Advanced Analytics
Despite the unknown variables in the Dutch researchers' GLitch work, other researchers focused on microarchitecture attacks in hardware see it as serious progress towards Rowhammer becoming a practical hacking tool. "This paper presents a significant and very clever demonstration of how the Rowhammer vulnerability can lead to another attack. How widespread this particular attack can be, of course, remains to be seen," writes Carnegie Mellon researcher Onur Mutlu, one of the authors of the first paper in 2014 that introduced Rowhammer as a potential attack, in an email to WIRED. He argues that GLitch represents "the natural progression of Rowhammer research that will continue to become more and more sophisticated."
"The barriers to executing these kinds of attacks have been significantly reduced by this paper and it is likely that we'll see more attacks in the future based on this work," adds Anders Fogh, the principal researcher for GDATA Advanced Analytics, who was first to discover some elements of the Meltdown and Spectre attacks earlier this year. "It is likely that a very significant portion of Android devices are vulnerable to these attacks."
Software makers could make Rowhammer far harder to exploit, says Frigo, by restricting how code like WebGL can access memory. But since the bit-flipping lies much deeper in the phone's hardware, hackers will still find a new path to exploit those unpatchable bugs, he argues. The real solution will be hardware-based, too. More recent forms of smartphone memory, known as DDR4, offer a safeguard that more often "refreshes" the charge of memory cells to prevent electric leakage from changing their values. But Frigo points out that while the Pixel phone uses DDR4, the Vrije Universiteit hackers were still able to induce bit flips in that phone's memory, too.
All of that means hardware makers will need to keep up with an advancing form of attack that threatens to potentially keep reappearing, each time in a new form that can't be easily fixed in software—or fixed at all. "Every time someone proposes a new defense against Rowhammer, someone finds a way to break it," says Frigo. "And once a phone is vulnerable to Rowhammer, it’s going to be vulnerable until you throw it away."