Drammer: Deterministic Rowhammer attacks on mobile platforms

Victor Van Der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Lucie Noemie Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects in vulnerable physical memory locations. Moreover, prior work only targets x86 and researchers have openly wondered whether Rowhammer attacks on other architectures, such as ARM, are even possible. We show that deterministic Rowhammer attacks are feasible on commodity mobile platforms and that they cannot be mitigated by current defenses. Rather than assuming special memory management features, our attack, Drammer, solely relies on the predictable memory reuse patterns of standard physical memory allocators. We implement Drammer on Android/ARM, demonstrating the practicability of our attack, but also discuss a generalization of our approach to other Linux-based platforms. Furthermore, we show that traditional x86-based Rowhammer exploitation techniques no longer work on mobile platforms and address the resulting challenges towards practical mobile Rowhammer attacks. To support our claims, we present the first Rowhammerbased Android root exploit relying on no software vulnerability, and requiring no user permissions. In addition, we present an analysis of several popular smartphones and find that many of them are susceptible to our Drammer attack. We conclude by discussing potential mitigation strategies and urging our community to address the concrete threat of faulty DRAM chips in widespread commodity platforms.

Originalspracheenglisch
TitelCCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Herausgeber (Verlag)Association of Computing Machinery
Seiten1675-1689
Seitenumfang15
Band24-28-October-2016
ISBN (elektronisch)9781450341394
DOIs
PublikationsstatusVeröffentlicht - 24 Okt. 2016
Veranstaltung23rd ACM Conference on Computer and Communications Security: CCS 2016 - Vienna, Österreich
Dauer: 24 Okt. 201628 Okt. 2016

Konferenz

Konferenz23rd ACM Conference on Computer and Communications Security
Land/GebietÖsterreich
OrtVienna
Zeitraum24/10/1628/10/16

ASJC Scopus subject areas

  • Software
  • Computernetzwerke und -kommunikation

Fingerprint

Untersuchen Sie die Forschungsthemen von „Drammer: Deterministic Rowhammer attacks on mobile platforms“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren