Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.
Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years.
“Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips,” the researchers said.
“SMASH exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based many-sided Rowhammer. To bypass the in-DRAM TRR mitigations, SMASH carefully schedules cache hits and misses to successfully trigger synchronized many-sided Rowhammer bit flips.”
By synchronizing memory requests with DRAM refresh commands, the researchers developed an end-to-end JavaScript exploit which can fully compromise the Firefox browser in 15 minutes on average, proving that web users continue to remain at risk from such attacks.
What is Rowhammer?
First, a quick primer about Rowhammer, an umbrella term referring to a class of exploits that leverage a hardware design quirk in DDR4 systems. Memory RAM cards save data inside what’s called memory cells (each consisting of a capacitor and a transistor) that are arranged on the RAM’s silicon chip in the form of a matrix.
But given capacitors’ natural discharge rate, the memory cells tend to lose their state over time and therefore require a periodic reading and rewriting of each cell in order to restore the charge on the capacitor to its original level. On the other hand, increased densities of DRAM integrated circuits have enabled increased rates of electromagnetic interactions between memory cells and a greater possibility of data loss.
In 2014, researchers found that by repeatedly carrying out rapid read/write operations on a memory row, over and over again — aka “row hammering” — they could induce an electrical disturbance that would alter data stored in nearby memory rows.
Since then, multiple methods have been devised, expanding on the methods and exploitation scenarios of the original Rowhammer research to bypass protections put in place (ECCploit), launch attacks via JavaScript (Rowhammer.js), network packets (Throwhammer), and field-programmable gate array (FPGA) cards (JackHammer), and even read sensitive memory data from other processes running on the same hardware (RAMBleed)
In response to the findings, industry-wide countermeasures like Target Row Refresh (TRR) were billed as the “ultimate solution” for all the aforementioned Rowhammer attack versions, until VU researchers in March 2020 demonstrated a fuzzing tool called “TRRespass” that could be used to make Rowhammer attacks work on the TRR-protected DDR4 cards.
From TRRespass to SMASH
While TRRespass aims to achieve a TRR bypass using native code, no methods were available to trigger them in the browser from JavaScript. That’s where SMASH comes in, granting the attacker an arbitrary read and write primitive in the browser.
Specifically, the exploit chain is initiated when a victim visits a malicious website under the adversary’s control or a legitimate website that contains a malicious ad, taking advantage of the Rowhammer bit flips triggered from within the JavaScript sandbox to gain control over the victim’s browser.
“The current version of SMASH relies on [transparent huge pages] for the construction of efficient self-evicting patterns,” the researchers said. “Disabling THP, while introducing some performance overhead, would stop the current instance of SMASH.”
“Furthermore, our exploit relies specifically on corrupting pointers in the browser to break ASLR and pivot to a counterfeit object. Protecting the integrity of pointers in software or in hardware (e.g., using PAC [23]) would stop the current SMASH exploit.”