A team of researchers from universities worldwide have devised a new set of DMA-based Rowhammer attacks against the latest Android OS, along with a lightweight defense to prevent such attacks on ARM-based devices.
Rowhammer is a vulnerability impacting dynamic random-access memory (DRAM) chips that can be abused to gain kernel privileges on Linux systems. Discovered in 2012 but documented only in 2014, the bug can also be exploited remotely using JavaScript or via graphics processing units (GPUs).
Last year, researchers from Graz University of Technology, the University of Pennsylvania (and University of Maryland), and University of Adelaide revealed a series of attack methods able to bypass existing defenses against Rowhammer.
Now, eight researchers from Vrije Universiteit Amsterdam, Amrita University India, UC Santa Barbara, and EURECOM propose RAMpage, a set of attacks that target the latest Android versions with a root exploit and app-to-app exploits that bypass all defenses.
In a research paper (PDF), they also propose GuardION, lightweight defenses that mitigate Rowhammer exploitation on ARM systems by isolating DMA buffers with DRAM-level guard rows.
Furthermore, the researchers claim that re-enabling higher order allocations, which Google disabled to prevent attacks, would improve system performance.
Rowhammer is a hardware bug that “consists of the leakage of charge between adjacent memory cells on a densely packed DRAM chip.” This means that, when a row of bits in the DRAM module is used, the neighboring rows are slightly affected, and attackers can abuse this to completely subvert a system’s security.
The issue is particularly serious on mobile devices, where hardware upgrades are not possible, the security researchers argue. They also note that existing software defenses are not effective and present attacks can circumvent all currently proposed and implemented defense techniques.
To exploit Rawhammer, an attacker needs to land a security-sensitive page into a vulnerable physical memory location and also needs to access the DRAM chip fast enough to hit the same rows before they are refreshed. They also have to determine the virtual addresses that map to the two physical rows adjacent to the victim row.
To mitigate the risks, Google disabled the contiguous heap, but left the system heap available. The company also reduced internal system heap pools to two and enforced that the system heap only returns memory pages from highmem.
By exhausting the system heap, the researchers were able to get contiguous pages and find exploitable bit flips via double-sided Rowhammer. The researchers then tricked the system into releasing pre-allocated cached memory, including the row with the vulnerable page, and developed a root exploit leveraging this attack technique.
The researchers also say it is possible to corrupt buffers belonging to another app or process, an attack scenario that could abuse privileged apps for increased damage. They also argue that an attacker could try to exhaust the Contiguous Memory Allocator (CMA) bit map, or to corrupt system memory from CMA-allocated memory. Such attacks, however, are technically challenging, the experts admit.
GuardION, the newly proposed mitigation against DMA-based Rowhammer exploits on mobile devices, focuses on limiting the capabilities of an attacker’s uncached allocations. Expensive fine-grained isolation can be applied for each DMA allocation, and GuardION isolates buffers with two guard rows: one at the ‘top’ and another at the ‘bottom’.
“This enforces a strict containment policy in which bit flips that are triggered by reading from uncached memory cannot occur outside the boundaries of that DMA buffer. In effect, this design defends against Rowhammer by eradicating the ability of the attacker to inject bit flips in sensitive data,” the researchers claim.
The mitigation, however, is based on the premises that bit flips don’t occur in memory pages physically located more than one row away from the aggressor rows. Such flips have never been reported before and the Rowhammer attack itself makes such incidents unlikely to ever occur.
According to the research paper, not only is GuardION’s performance impact negligible, but its integration with the current Android code base is rather easy. A prototype implementation contains only 844 lines of code and touches only 9 files in the Android source code. The researchers are in the process of submitting the patch to Google for adoption.
Related: Android Phones Vulnerable to Remote Rowhammer Attack via GPU