mercredi 11 mars 2015

Worrying new hack attacks DDR3 memory

Security researchers on Google's Project Zero initiative have discovered how to launch an attack that takes advantage of physical weaknesses in some types of DDR memory chips inside Intel-compatible PCs running Linux.


A blog post published earlier this week explained that the bit flipping technique flagged up last year has been used in a successful attack by researchers who were able to reverse the individual bits of data stored in DDR3 chip modules that are called DIMMs.


Bit flipping works when attackers repeatedly hammer small parts of the memory hundreds of thousands of times in just a few milliseconds. By hammering the two "aggressor" memory regions the attacker can then reverse one of more bits in the third "victim" region and exploit that to change the administrator privileges on the target PC.


It affects newer versions of DDR3 memory that are able to be exploited thanks to the shrinking size of silicon that makes it easier to trigger electronic interaction between neighbouring cells. By repeatedly accessing the location, as mentioned earlier, attackers can cause a leak in or out of the adjacent cells.


For now it's only local


The Project Zero researchers didn't detail the specific models of DDR3 that are prone to the attack and even though it sounds worrying the attack is currently only known to be local and thus decreases the scope for hackers wanting to launch attacks remotely.


Exploiting physical weaknesses in memory is still very rare and whilst repairing faulty software can be as simple as releasing a patch, replacing DDR memory may be the only way to solve the problems caused by this attack.


Via: Ars Technica, Project Zero







from TechRadar: All latest feeds http://ift.tt/1KWWFLY

via IFTTT

Related Posts:

  • Updated: 50 best Android apps 2015 Best Android apps - introduction The Google Play store has exploded in recent years, with a proliferation of apps that can cater to your every need. The problem is: there are just too many of them. Even with Editor's Picks,… Read More
  • Updated: Best free video editing software: 10 top programs you should use Introduction It's the first law of movie-making: no matter how expensive your camera, or how skilled you are at using it, your raw footage will always be rubbish. And so, if you're looking to add a little professional polis… Read More
  • Review: UPDATED: Moto X Introduction, display and design Update: Moto X continues to be one of the most stylish Android phones in 2015 and looks even better with Android Lollipop. Our review reflects that. The Moto X name didn't changed in 2014, bu… Read More
  • Millions of unsecured home routers caught up in DDoS botnet Hackers have managed to hijack hundreds of thousands of poorly secured wireless routers and established "self-sustaining" botnets to launch denial of service (DDoS) attacks. First reported by The Register, routers located in… Read More
  • Updated: Best free Android apps 2015 Best free Android apps If you have an Android device you really are spoiled for choice when it comes to apps, with the Google Play store being home to thousands of them. The huge quantity of apps doesn't mean they're all qu… Read More

0 commentaires :

Enregistrer un commentaire