The RAMBleed side-channel attack successfully obtains an OpenSSH 2048-bit key


Several security researchers have published a paper on RAMBleed, a Rowhammer-based vulnerability that extends the Rowhammer threat from compromising memory integrity to reading memory contents.

RAMBleed is a side-channel attack that allows an attacker to read physical memory belonging to other processes. According to the researchers, the technique takes advantage of the Rowhammer vulnerability that emerged a few years ago. Rowhammer is a type of fault attack in which an attacker uses a specific memory access sequence to cause a bit flip in memory, that is, a change in a bit's value (0/1). Because the attacker does not directly access the changed memory location, the CPU or operating system is generally unaware of the problem. Although this bit-flipping technique is not well controlled, it has been applied to sandbox escapes, privilege escalation attacks on operating systems and hypervisors, DoS, and cryptographic protocol fault injection.

In the past, Rowhammer attacks were thought to threaten only the integrity of memory: the attacker uses Rowhammer to gain a limited write primitive into otherwise inaccessible memory and then modifies its contents. On that view, any memory integrity check can mitigate this type of attack, for example memory with integrity protection or memory with error correction code (ECC). In particular, ECC has long been considered an effective defense against Rowhammer because it corrects bit flips as they are detected. Although there is recent evidence that an attacker can bypass the ECC mechanism and cause a bit flip that is still observable after error correction, a successfully corrected flip is still considered benign, with no security risk.

The researchers have developed RAMBleed, a side-channel attack method. By observing the bit flips caused by Rowhammer, an attacker can infer the values in nearby DRAM rows and so read physical memory belonging to other processes. They also demonstrated an attack on OpenSSH using RAMBleed and successfully leaked a 2048-bit RSA key. In addition, unlike Rowhammer, RAMBleed does not require persistent bit flips, so the ECC memory commonly used on server machines is not effective in mitigating the attack.

The researchers will present the paper “RAMBleed: Reading Bits in Memory Without Accessing Them” at the 41st IEEE Symposium on Security and Privacy in May 2020.