Using Memory Errors to Attack a Virtual Machine

gillus writes "A very cool scientific paper from Appel and Govindavajhala that explains how virtual machines like java or .Net can be exploited. How? Quite simple, bomb your DRAM chip with X-rays... or more simply with 50-watt spotlight, as the authors demonstrate. Definitively worth a read!"

This just in!

[G-funk]

Reports are sketchy at present, but we're being led to believe that it's easy to compromise a machine to which you have physical access!

Film at 11.

Re:This just in!

[smallpaul]

Reports are sketchy at present, but we're being led to believe that it's easy to compromise a machine to which you have physical access!

Bet you didn't even read the abstract. Here's the relevant bit:

Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physical access (to the outside of the computer) and can use various means to induce faults; we have successfully used heat.

Re:This just in!

[Com2Kid]

If I can drag in a machine capable of producing sufficient x-rays to within range of the computer.

Well fuck it, I can just get a screw driver and OPEN the mofo.

It has ALREADY been proven that no matter how hard something is protected / encrypted / etc, given enough time (and resources!) it will ALWAYS be possible to break though whatever protection measures are in the way. The ONLY 100% secure computing environment is a

Well heck, actualy there ISN'T one, because even a keyboard going into a big grey locked steel box can have its wires taped so when an authorized user DOES use it the applicable passwords can be captured.

Basicaly we are all fucked. The good news is that the orgy WILL be broadcast on the playboy channel for only 39.95.

Re:This just in!

[Com2Kid]

• Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physical access (to the outside of the computer) and can use various means to induce faults; we have successfully used heat.

If somebody intent on breaking through the smart card's security has access to the smart card, then sooner or later the security WILL be broken. Encrypting data is NOT a foolproof way to keep things safe, though having the security measures last a dozen or so years IS a rather safe second bet. :)

Re:This just in!

[anubi]

"Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physical access (to the outside of the computer) and can use various means to induce faults; we have successfully used heat."

I would imagine that nasty EMI spikes you may couple to the inside of the box, or medical radioactive sources would work too.

Just a guess, but I have sure had my share of EMI and radiation induced problems.

Re:This just in!

[lord+sibn]

Page 7, Paragraph 3:

"To attack machines without physical access, the attacker can rely on natural memory errors."

This paper showed some means an attacker could physically cause a memory error, but it never said that such intervention was required to stage the attack. My guess is that this would be most useful with those "low load" ram chips that ran on slashdot a while back.

Re:This just in!

[You're+All+Wrong]

Didn't you notice that the talks/ directory serves a page which is:
"
HTML composed using mozilla 0.9.9 on a Redhat Linux 8.0 machine. Best viewed in any browser
"

So _obviously_ the guy's interested in making sure that _everyone_ can read his work. It's just a shame that he seemed to forget that when writing up all his work. Duh!

Anyway, the Powerpoint file viewer that I use under linux is called "strings". Amazingly it sometimes even works!

YAW.

Re:This just in!

[mentin]

Well, there are already many error-induction attacks agains smart cards (some references in the article), that don't involve JVM running untrusted code.

So if I can break smart card event if is does not run any my [untrusted] code, who cares about attack to smart card that allows to run untrusted code? Besides, I've never seen any smartcard that actually does this stupid thing.

A better target for attack may be a server at a nuclear reactor facility that has natural high rate of memory failures :)

Re:This just in!

[arvindn]

If somebody intent on breaking through the smart card's security has access to the smart card, then sooner or later the security WILL be broken.

Get a clue. The whole point of a smart card is to keep the data safe even in the event of physical tampering. For this purpose, the processor of a smart card is enclosed in a black box which will chemically self-destruct if you try to tamper with it. Much research on smart cards goes into ensuring that security can not be broken in spite of physical access.

Some pointers:

• Smart card FAQ
• Design principles for tamper resistant smart card processors
• Low cost attacks on tamper resistant smart card devices

Re:This just in!

[You're+All+Wrong]

"One commodore 64 demo program (just a few POKE statements)..."

You're not thinking of the Commodore PET "urban legend" are you?
C64 != PET. PET != C64. Don't let the big long "Commodore" word confuse you.

For more info on the blow-up-your-PET story, try:
http://www.softwolves.pp.se/misc/arkiv/cbm-h ackers /1/1505.html

YAW.

Re:This just in!

[Com2Kid]

• Get a clue. The whole point of a smart card is to keep the data safe even in the event of physical tampering. For this purpose, the processor of a smart card is enclosed in a black box which will chemically self-destruct if you try to tamper with it. Much research on smart cards goes into ensuring that security can not be broken in spite of physical access.

Sorry, I am used to seeing regular static memory chips marketed as being "smart cards", I did not realize that there was an actual secure version of the things. Buzzwords got to me. ^_^

Any encryption can still be broken through though brute force.

Hmm, from the first site you linked to;

• Entertainment: Most DSS dishes in the U.S. have smart cards.

----http://smartcard.nist.gov/faq.html

Yah, and we all know how secure those are! Yup, DSS security has never been bypassed once! ;)

Re:This just in!

[Large+Green+Mallard]

Smart Cards will protect themselves to some extent, but the oft quoted voltage draw analysys is something they can't protect against..

What you really need for a physically secure device is an IBM 4758 CryptoCard.. of course, for it to be useful, you need it protected against key recovery attacks.

Re:This just in!

[omnirealm]

Any encryption can still be broken through though brute force.

This is simply not true. One-time pads are 100% unbreakable, and they will always be unbreakable (at least mathematically speaking), no matter how sophisticated technology gets in the future. For those who are unfamiliar with the concept, a one-time pad is a cryptographically random string of 1's and 0's, which is at least of the same length of the message itself. Two parties have a secure channel in which to exchange these pads; for example, if Alice and Bob wish to use one-time pads, Alice can generate a list of 10,000 cryptographically random strings, put them in a suitcase that is handcuffed to her wrist, and deliver them to Bob in person. Bob and Alice then have a set of one-time pads that they can use for all future communication. Each time they encrypt a message with one of the pads, they discard the pad and never use it again. Because the pad is at least the length of any messages they might pass back and forth, there is no way to analyze the encrypted message for patterns. It is mathematically impossible. You could easily come up strings of 1's and 0's that would ``decrypt'' the message into anything, be it passages from the Bible, or Ogg Vorbis encoded music. You would have no idea which set of 1's and 0's produced the actual original message. This is truly unbreakable encryption on a mathematical level.

Most companies claiming that their encryption is ``unbreakable'' are using one-time pads; the problem is reduced to finding a secure channel of communications in which to transmit those pads. This is usually not a feasible assumption, which is why we all prefer using, for example, Diffie-Hellman key exchange, which depends on the difficulty of math involving discrete logarithms. The encryption we now use is breakable, but it is hard enough to break that it is generally considered secure.

Re:This just in!

[rjh]

Any encryption can still be broken through though brute force

<sigh> You know, I answered just this same question yesterday... </sigh>

As a thermodynamic minimum it takes 4.4 * 10**-26 joules to set a bit. (Well, it takes that much to erase one bit of information. But that's quibbling.) So multiply that by 256, for the number of bits in an AES key, and you get 1.1 * 10**-23 joules to store a key.

Now multiply this by 2**255, which is the number of AES keys you'd have to try to break it by brute force (on average). You get 6.4 * 10**53 joules of energy needed.

The total annual energy output of the Sun is on the order of 10**34 joules. Multiply that by 10**10 to compute the total energy release over the Sun's entire lifespan (yes, this is a nasty kludge of an estimate, I know the Sun's energy output varies) and you get 10**44 joules of energy.

Which means you've only exhausted one billionth of the damn keyspace.

No, you can't break any encryption through brute force. There just isn't enough energy in the universe to do it, even positing thermodynamically-perfect computers operating at 3.2K.

the implications!!

[kaworu-sama]

Now when I benchmark my computer using the punch-the-monkey java applet using a 50 watt spotlight, I'll have to be more careful!

A quick workaround...

[AnriL]

Just overclock your tamper-resistant machine to the bleeding edge of running at maximum MHz you can get. Tweak the speed to the point that the body heat emitted by regular users will not overheat the CPU, but anyone approaching the machine with a 50 Watt bulb would fry the machine before gaining access to data.

However, now you get a denial of service attack, but hey, it's better than information disclosure or arbitrary code execution. :-)

End of Slashdot

[MegaFur]

Oh great, it must be the Apocolypse or something. They actually posted a *link* to a *PowerPoint* document in a Slashdot article! Worse yet, no one seems concerned.

Re:End of Slashdot

[error0x100]

They actually posted a *link* to a *PowerPoint* document in a Slashdot article! Worse yet, no one seems concerned.

Noone reads the articles, so they probably didn't even notice. OK, *I* didn't notice.

Re:End of Slashdot

[zulux]

Just to infoome people who may not know:

The file loads just fine in OpenOffice.

OpenOffice is available free (beer and speech) at OpenOffice.org for Windows, Linux, MAC OS X, FreeBSD and Solaris.

I'm sure Apple's Keynote works as well.

New nifty trick for a hacker book

[bluelan]

You wouldn't necessarily need physical access to the machine itself. It might be possible to perform this exploit by gaining access to a machine's air conditioning unit and disabling it at an inconvenient time. That could raise heat enough to cause RAM performance to degrade and make the success of the exploit more likely.

If the air conditioner went out at midnight, most system administrators wouldn't know until the morning.

I'm reminded of Knuth's quote

[arvindn]

"Beware of bugs in the above code; I have only proved it correct, not tried it."

Apparently, the security of the JVM type system has been subject to machine-checked proofs. Yet, a single bit error in memory can be exploited with 70% probability.

This just in...

[scubacuda]

...you can fuck up a monitor with a big ass magnet!

(There are some things you just never forget from your high school physics lab)

Re:This just in...

[BusterB]

In a color TV, there are three types of phosphors, red, green and blue. The electron guns (or gun in a trinitron) must be aligned so that they hit the correct phosphors. Otherwise, the colors look off. The guns are typically aligned with an appeture mask or grille, which snaps the electron streams into place above their respective phosphors.

A black-and-white TV has only one type of phosphor, so it is not as important that the electron streams hit the correct, absolute position on the screen. The screen is uniformly coated, and I don't believe there is an appeture screen on these types of screens.

So, what happens when you hold a magnet to the screen? For one, you deflect the electron streams, so you get a temporarily distorted image, and the colors are off because the electron streams are pointing to the wrong phosphors. With B/W, it just doesn't matter; a phosphor is a phosphor.

Additionally, a powerful magnet can permanently distort or magnetize the metal appeture mask/grille, causing permanent damage the the screen's ability to align electron streams to the appropriate phosphors.

And that's it. I may have misspelled appeture. Oh well.

In other news.

[MisterFancypants]

It turns out that if you have physical access to a system, you can perform a pretty effective denial of service attack using a rather devious little bit of technology called a 'baseball bat'.

best line from the article

[zatz]

Fortunately for the attacker, few users are surprised these days when applications use hundreds of megabytes to accomplish trivial tasks.

Re:best line from the article

[scubacuda]

Whoops...forgot the

delete [] bigAssArray;

line from my code...

Re:seriously

Holy crap he signed an NDA! Mod him up more! He has more nothings to say!

Make clip on lamps illegal

[Alain+Williams]

Surely the solution is obvious: make the posession of clip on lamps an offence under the DMCA, I cannot see why someone would want to posess such equipement unless it was to break into a computer and steal the latest music CDs....

Simple countermeasure?

[The+Clockwork+Troll]

Whenever your code has occasion to store a boolean value (for later test/comparison), store multiple copies of it at predictable but "geographically" disparate locations in RAM.

Then, when doing the test/comparison, if there is not consensus in the bits (they should be all 1 or all 0), you know some memory error has occurred. The confidence level in the boolean test could be made arbitrarily high by storing increasing numbers of redundant bits.

This would slow things down considerably but it seems cheaper than lead cases.

This countermeasure is obviously not foolproof because most branches ultimately come down to a single register test but perhaps it's an improvement? Comments?

Secrecy my arse.

[Gordonjcp]

It's been known for a *very, very* long time that semiconductors are light sensitive. It's been known for a reasonably long time that the tiny capacitors that make up dynamic RAM are very sensitive to light. In fact, there was a project in Byte magazine in the late 1970s that used a 4116 DRAM chip with the top cut off as a black-and-white CCD camera. It worked remarkably well.

Using bit errors to flake out machines, where there is no parity or other error checking, is very far removed from "secret tinfoil hat" stuff. Why do you think chips are packed in black epoxy?

New Computer Cases

[ExEleven]

"New LEAD cases from lian li to protect your system from intuders" Just another thing to worry about when it comes to security.

Re:*.ppt

[metlin]

A non-animated PDF version here.

Link is valid for 7 days :-)

Alex descends into hell for a bottle of milk

[m00nun1t]

How many websites would have an article that begins:
"A very cool scientific paper..."

Oh dear, we really are geeks, aren't we.

a side note about developement of ecc

[bloodbob]

I Believe I could be mistaken but the guy who made up the finite state machine for ECC had a mental break down. Making something like that is very complex I wonder how long parity checks which offer no correction where thought to be state of the art.

Re:This attack doesn't look very effective

[czarneki]

Um... no. The paper states that if a single-bit error can be induced, then the probability that this single-bit error will then allow the exploiting program to execute arbirary code (as opposed to causing the OS or the VM to crash, etc) is 70%.

So, keep in mind that there are two components to this exploit: 1) writing a program that takes advantage of single-bit errors to execute arbitrary code, and 2) wait for cosmic rays or direct some radiation yourself at the hardware to induce soft errors. The effectiveness depends largely on how quickly/reliably you can induce such errors w/out crashing the machine in the process.

Maybe the techniques for programming the exploit program described here are well known to more experienced programmers, but I found the article extremely interesting and enlightening. I've been taught for years about the superiority of Java's type system as a security measure, and I know that a lot of theoretical work and proofs have been done to show that Java's type system is secure, but this exploit manages to get around the type safety with such a simple trick that I'm kicking myself for not having seen it myself. It's almost elegant, the way they get it done.

ECC for making machines .... **cheaper** !

[Morgaine]

This (excellent) paper alludes to the usual situation that cheaper machines tend not to use ECC in memory modules and in other parts of their architecture in order to save on manufacturing costs.

Note however that this common perception is not strictly speaking entirely accurate or necessary, because if a system is designed to meet a given level of reliability then a machine with ECC may end up being cheaper than one without ECC, because the error detection and correction can make up for reduced reliability in the rest of the hardware.

As an example, some components may be run closer to their operating limits, possibly partially overclocked, or power supplies may be less well regulated and hence electronic noise margins may be slightly compromised, or the system may be designed with substandard cooling, and so on. ECC could help mitigate some of the effects of such presumably cheaper designs, while still maintaining the reliability of better implementions.

So, there's slightly more to the "ECC only found in better systems" argument than at first meets the eye. As usual, caveat emptor. :-)

In the lab today, in the wild tomorrow...

[donert]

This is good stuff. Although the experiment used physical access to stress the memory, the theory could be used as an exploit in real situations in ways that the narrow of mind (like me) cannot conceive.

Perhaps this is not a method of practical attack on a machine. But it may be just a matter of creative thinking.

The key take away is to not disallow the possiblity.

Threats you discard as harmless is a logical place for an attacker to begin. Remeber the Maginot line.

Even submitters don't read the article

[dmadole]

I expect posters to not read the article (well, ppt), but even the submitter didn't read it?

The article does mention x-rays, saying "not enough energy to change a DRAM capacitor." Yet everyone talks about x-rays...

I found the phrase from the article "screw driver to remove hard drive" amusing when I first read it. Then I realized they meant "screwdriver". I thought initially they were referring to a DOS attack by corrupting the device driver!

Brute force

[Xner]

Any encryption can still be broken through though brute force.

And any literary work can be obtained with an infinite number of monkeys sitting at an infinite number of typewriters for an infinitely long period of time.

Most serious ciphers attacked using brute force with contemporary technology will probably hold out until the universe's heat death. Not to mention the fact that some experts claim that there simply is not enough energy in the universe to cycle a 128 bit counter through all its states, let alone perform any computations.

palladium

[astrashe]

One use for this sort of thing might be to get a palladium system to do something it's not supposed to. In that case you'd have access to your own machine.

Palladium is just a specialized VM that runs on tamper proof hardware, that's designed to let other people trust the results of some computations performed on your machine.