Slashdot Mirror


Using Memory Errors to Attack a Virtual Machine

gillus writes "A very cool scientific paper from Appel and Govindavajhala that explains how virtual machines like Java or .NET can be exploited. How? Quite simple, bomb your DRAM chip with X-rays... or more simply with a 50-watt spotlight, as the authors demonstrate. Definitely worth a read!"

24 of 247 comments

  1. This just in! by G-funk · · Score: 4, Funny

    Reports are sketchy at present, but we're being led to believe that it's easy to compromise a machine to which you have physical access!

    Film at 11.

    --
    Send lawyers, guns, and money!
    1. Re:This just in! by shird · · Score: 1, Funny

      But as the report says - it's also applicable in situations where you don't actually have physical access - x-rays can travel through various materials, which may be blocking your otherwise 'physical access'. Thus, being able to compromise a system 'remotely' as it were, is of significance.

      --
      I.O.U One Sig.
    2. Re:This just in! by SmackCrackandPot · · Score: 2, Funny

      If you wait long enough, then some day a cosmic ray will strike a computer system at exactly the same time as you are entering the root password. The resulting ionization will cause the compare function to return a match, and you will gain access!

  2. the implications!! by kaworu-sama · · Score: 5, Funny

    Now when I benchmark my computer using the punch-the-monkey java applet using a 50 watt spotlight, I'll have to be more careful!

  3. A quick workaround... by AnriL · · Score: 5, Funny

    Just overclock your tamper-resistant machine to the bleeding edge of running at maximum MHz you can get. Tweak the speed to the point that the body heat emitted by regular users will not overheat the CPU, but anyone approaching the machine with a 50 Watt bulb would fry the machine before gaining access to data.

    However, now you get a denial of service attack, but hey, it's better than information disclosure or arbitrary code execution. :-)

    1. Re:A quick workaround... by Anonymous Coward · · Score: 1, Funny

      Dude,

      Are you trying to overclock Java again?

  4. End of Slashdot by MegaFur · · Score: 5, Funny

    Oh great, it must be the Apocalypse or something. They actually posted a *link* to a *PowerPoint* document in a Slashdot article! Worse yet, no one seems concerned.

    --
    Furry cows moo and decompress.
    1. Re:End of Slashdot by error0x100 · · Score: 5, Funny

      They actually posted a *link* to a *PowerPoint* document in a Slashdot article! Worse yet, no one seems concerned.

      No one reads the articles, so they probably didn't even notice. OK, *I* didn't notice.

  5. This just in... by scubacuda · · Score: 4, Funny
    ...you can fuck up a monitor with a big ass magnet!

    (There are some things you just never forget from your high school physics lab)

  6. In other news. by MisterFancypants · · Score: 5, Funny

    It turns out that if you have physical access to a system, you can perform a pretty effective denial of service attack using a rather devious little bit of technology called a 'baseball bat'.

    1. Re:In other news. by VValdo · · Score: 1, Funny

      It turns out that if you have physical access to a system, you can perform a pretty effective denial of service attack using a rather devious little bit of technology called a 'baseball bat'.

      Don't tell Ashcroft, he'll try to ban baseball in the name of national security!

      W

      --
      -------------------
      This is my SIG. There are many like it, but this one is mine.
    2. Re:In other news. by Tablizer · · Score: 2, Funny

      It turns out that if you have physical access to a system, you can perform a pretty effective denial of service attack using a rather devious little bit of technology called a 'baseball bat'.

      No no no, that is a management tool.

  7. best line from the article by zatz · · Score: 5, Funny

    Fortunately for the attacker, few users are surprised these days when applications use hundreds of megabytes to accomplish trivial tasks.

    --

    Java: the COBOL of the new millennium.
    1. Re:best line from the article by scubacuda · · Score: 3, Funny
      Whoops...forgot the

      delete [] bigAssArray;

      line from my code...

  8. Re:seriously by Anonymous Coward · · Score: 3, Funny

    Holy crap he signed an NDA! Mod him up more! He has more nothings to say!

  9. viva las vegas by CrazyJim0 · · Score: 2, Funny

    If you can manage to sneak an X-ray thing in your keychain. If you know where a slot machine's memory is.

  10. Make clip on lamps illegal by Alain+Williams · · Score: 4, Funny

    Surely the solution is obvious: make the possession of clip on lamps an offence under the DMCA, I cannot see why someone would want to possess such equipment unless it was to break into a computer and steal the latest music CDs....

  11. Next Spy Gadget? by broothal · · Score: 2, Funny

    At first I thought "why don't you just fire a gun instead of expensive x-rays". But once X-ray emitting devices become small enough, this could be a new spy gadget. Walk up to the metal detector in the airport. Point your pencil (with built in X-rays) to the scanner and zap it. Then walk right in.

    Or, it can be used for lesser evil stuff as well. In the office. Find the cubicle with the guy that just hates computers. Every time you walk by him to get a cup of coffee, zap his computer with your device. Try to time it so he loses maximum amount of work. Then sit back and watch him go postal.

  12. New Computer Cases by ExEleven · · Score: 5, Funny

    "New LEAD cases from lian li to protect your system from intruders" Just another thing to worry about when it comes to security.

  13. Alex descends into hell for a bottle of milk by m00nun1t · · Score: 5, Funny

    How many websites would have an article that begins:
    "A very cool scientific paper..."

    Oh dear, we really are geeks, aren't we.

  14. Re:*.ppt by Anonymous Coward · · Score: 2, Funny

    I loaded the .ppt into my java port of Power point.

    Then as soon as I turned on my 50 watt reading lamp to set the atmosphere, it all crashed?

  15. Excellent Smithers!!! by Pedrito · · Score: 2, Funny

    This is the last step I needed in my Java trojan I've been writing. Now all I need to do is go to everyone's house with my x-ray machine, and I'm in like Flint!

  16. Neons by hansroy · · Score: 2, Funny

    Good. Maybe all those kids with neon lights in their cases will have the same problem. I'm sure case modding was fun for awhile, but when every mod has to include the basic package of lights, fans, etc., it becomes too stock. Just like every '89 Civic I see with cut springs & an F1 wing. Yes, I am grumpy when I wake up.

  17. Hi, it's the Internet calling. by Pharmboy · · Score: 2, Funny

    Yea, doing this from remote would be a little harder.....

    RING RING, "Hi, um my name is 'Bob', I'm from 'The Internet Company'. We think there is a problem and we need you to help us here. Um, we need you to set your computer next to your microwave for a minute. Oh, no can do?...ok, um, you got like a 50 watt lamp you can stick next to your computer case? Ok, good, yea, do that. Oh yea, and go to this java web site.....yea, I can wait..."

    I GUESS you could do some social engineering to get someone to comply. Seems like it would be easier to send out a couple hundred "I make this game, its my first. Hope you like." emails with BO in them to get one to bite.

    --
    Tequila: It's not just for breakfast anymore!