How processor performance is tied to side-channel leakage: With great speed comes great leakage

Activity: Talk or presentation › Talk at conference or symposium › Science to science


Every year, modern computer systems become faster at the sub-cycle level through hardware optimizations. While these optimizations may be correct and work without any visible side effects to the running software, they can unintentionally leak otherwise inaccessible information. An adversary can exploit this information leakage to extract sensitive information, such as passwords or cryptographic keys. In addition to these information leaks, we also find a different form of leakage in modern computers: DRAM cells leak their charge, facilitating the so-called Rowhammer bug. The Rowhammer bug allows any unprivileged application to escalate to kernel privileges.

In this talk, we will discuss the most powerful microarchitectural attacks applicable to ARM-based devices. We will explain how to extract sensitive information by executing instructions that do not require any permissions. We will show how an attacker with no prior experience in the field can perform such attacks in no time. In a live demo, we will demonstrate a partial keylogger on a recent smartphone that runs as an application without any permissions.

Beyond classical cache-based side-channel attacks, we will demonstrate cache attacks without a single memory access. We will show why the recent prefetch kernel ASLR bypasses generally do not apply to ARM-based devices. We will discuss how Rowhammer attacks can be applied to smartphones and tablets. Finally, we will show a live demo of Rowhammer bit flips on a smartphone.
Period: 18 May 2017
Event title: Qualcomm Mobile Security Summit 2017
Event type: Conference
Location: San Diego, United States
Degree of Recognition: International