Slashdot Mirror


New Cloud Attack Takes Full Control of Virtual Machines With Little Effort (arstechnica.com)

C3ntaur writes: The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It's a technique that's so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment. Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of computers that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit. Now, computer scientists have developed a significantly more refined Rowhammer technique they call Flip Feng Shui. It manipulates deduplication operations that many cloud hosts use to save memory resources by sharing identical chunks of data used by two or more virtual machines. Just as traditional Feng Shui aims to create alignment or harmony in a home or office, Flip Feng Shui can massage physical memory in a way that causes crypto keys and other sensitive data to be stored in locations known to be susceptible to Rowhammer. The research paper titled "Flip Feng Shui: Hammering a Needle in the Software Stack" can be read here.

34 comments

  1. Overhyped by OverlordQ · · Score: 2

    Flip Feng Shui can massage physical memory in a way that causes crypto keys and other sensitive data to be stored in locations known to be susceptible to Rowhammer.

    For SSH, since you can only flip one bit, you have to already know the public key you want to exploit, find an easily factorizable key one bitflip away, then get the host to dedup. So no, this won't allow somebody to hack into arbitrary servers, only if there's already been data exfiltrated.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re: Overhyped by Billly+Gates · · Score: 1

      You mean like from an Amazon E3 or Azure VM

    2. Re: Overhyped by OverlordQ · · Score: 1

      That'd still require them to breach Amazon.

      --
      Your hair look like poop, Bob! - Wanker.
  2. Announced 2 weeks ago?? by haruchai · · Score: 1

    Bit late to the party /.
    How many VMs have already been compromised?

    --
    Pain is merely failure leaving the body
    1. Re:Announced 2 weeks ago?? by OverlordQ · · Score: 1

      Hardly any. Unless you're an idiot posting your public key everywhere or reusing a key, there's zero chance of this happening to you.

      --
      Your hair look like poop, Bob! - Wanker.
    2. Re:Announced 2 weeks ago?? by Anonymous Coward · · Score: 0

      Aren't public keys supposed to be ... public? How else can you send PGP email to folks?

    3. Re:Announced 2 weeks ago?? by OverlordQ · · Score: 1

      What does that have to do with this attack?

      --
      Your hair look like poop, Bob! - Wanker.
    4. Re:Announced 2 weeks ago?? by Anonymous Coward · · Score: 0

      Maybe not...
      https://linux.slashdot.org/story/16/08/14/0038226/researchers-warn-linux-vendors-about-cloud-memory-hacking-trick

    5. Re: Announced 2 weeks ago?? by BlackSabbath · · Score: 2

      He's pointing out by example that the whole purpose of a public key is to be distributed to other parties, and that doing so is safe due to the inability* to infer the private key through factorisation. Bit flipping a properly formed key Kpub is highly likely to result in an easily factored "key" K'pub for which the private key K'priv can be trivially derived.
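      Worked illustration of the step OverlordQ and BlackSabbath describe above, as an added example that is not code from this thread or from the Flip Feng Shui paper: take a victim RSA modulus, flip each bit in turn, try to fully factor the corrupted modulus within a work budget, derive a private exponent for it, and confirm that a signature made with that exponent verifies under the flipped key. The key is a constructed 64-bit toy (two 32-bit primes), the budgeted Pollard-rho is my stand-in for "easily factorizable", and all function names are my own.

```python
"""Toy Flip Feng Shui RSA step: flip one bit of a victim modulus N, fully
factor the corrupted N' within a work budget, derive a private exponent for
it and check that a forged signature verifies under N'. Keys are shrunk to
64-bit moduli so that the factoring finishes in seconds."""
from __future__ import annotations
from functools import reduce
from math import gcd

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def is_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 2**64 with these fixed bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def pollard_brent(n: int, budget: int) -> int | None:
    """Brent's Pollard-rho: a non-trivial factor of composite n, or None once
    `budget` evaluations of x^2+c are spent (our 'not easily factorizable')."""
    if n % 2 == 0:
        return 2
    steps = 0
    for c in range(1, 64):                      # try a few polynomials x^2 + c
        y, r, q, g = 2, 1, 1, 1
        x = ys = y
        while g == 1:
            x = y
            for _ in range(r):
                y = (y * y + c) % n
            k, steps = 0, steps + r
            while k < r and g == 1:             # batch the gcds over blocks of 128 steps
                ys, block = y, min(128, r - k)
                for _ in range(block):
                    y = (y * y + c) % n
                    q = q * abs(x - y) % n
                g, k, steps = gcd(q, n), k + block, steps + block
            r *= 2
            if g == 1 and steps > budget:
                return None
        if g == n:                              # product collapsed: replay the block one step at a time
            g = 1
            while g == 1:
                ys = (ys * ys + c) % n
                g = gcd(abs(x - ys), n)
        if g != n:
            return g
    return None

def factor(n: int, budget: int) -> list[int] | None:
    """Complete factorization with multiplicity, or None if the budget ran out."""
    if n == 1:
        return []
    if is_prime(n):
        return [n]
    d = pollard_brent(n, budget)
    if d is None:
        return None
    left, right = factor(d, budget), factor(n // d, budget)
    return None if left is None or right is None else sorted(left + right)

def product(xs) -> int:
    return reduce(lambda a, b: a * b, xs, 1)

def derive_private_exponent(e: int, factors: list[int]) -> int | None:
    """d' with e*d' == 1 (mod lambda(N')) for squarefree N' = product(factors);
    None if N' has a repeated prime or e is not invertible (no key exists)."""
    if len(set(factors)) != len(factors):
        return None
    lam = reduce(lambda a, b: a * b // gcd(a, b), (p - 1 for p in factors), 1)
    return pow(e, -1, lam) if gcd(e, lam) == 1 else None

def flip_feng_shui_rsa(n: int, e: int, budget: int = 2_000_000) -> list[tuple[int, int, int, list[int]]]:
    """Try every single-bit flip of n; each hit is (bit, N', d', factors of N')."""
    hits = []
    for bit in range(n.bit_length()):
        n2 = n ^ (1 << bit)
        factors = factor(n2, budget) if n2 > 1 else None
        d2 = derive_private_exponent(e, factors) if factors else None
        if d2 is not None:
            hits.append((bit, n2, d2, factors))
    return hits

def forged_signature_verifies(n2: int, e: int, d2: int, message: int) -> bool:
    """Sign with d' and verify with the public e under N', as a victim holding
    the corrupted authorized key would."""
    m = message % n2
    return pow(pow(m, d2, n2), e, n2) == m

def prev_prime(n: int) -> int:
    while not is_prime(n):
        n -= 1
    return n

# Constructed toy victim key: two 32-bit primes stand in for two 1024-bit ones.
E = 65537
P = prev_prime(2**32)
Q = prev_prime(P - 2)
N = P * Q

if __name__ == "__main__":
    hits = flip_feng_shui_rsa(N, E)
    print(f"{len(hits)} of {N.bit_length()} single-bit flips of N yield a usable private key")
    bit, n2, d2, fs = hits[0]
    print(f"bit {bit}: N' = {n2} = {' * '.join(map(str, fs))}; forged signature verifies:",
          forged_signature_verifies(n2, E, d2, 0x48656c6c6f))
```

      At this toy size nearly every flip is usable, because any 64-bit number splits under Pollard-rho; at 2048 bits most flipped moduli cannot be completely factored within any budget, and only the flips whose N' happens to be smooth enough count, which is the selection the `budget` parameter models. The attacker still has to know the exact public key bytes in the victim's page, as the posts above say, because the flipped modulus must be derived from the real one.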

    6. Re: Announced 2 weeks ago?? by OverlordQ · · Score: 1

      And? That has no effect on being able to forge a PGP message.

      --
      Your hair look like poop, Bob! - Wanker.
    7. Re:Announced 2 weeks ago?? by Anonymous Coward · · Score: 0

      No, it's a dupe, sort of.

      https://linux.slashdot.org/story/16/08/14/0038226/researchers-warn-linux-vendors-about-cloud-memory-hacking-trick

  3. Defective RAM is defective by Anonymous Coward · · Score: 4, Interesting

    Rowhammer in all its incarnations is not the problem. If you are vulnerable to such attacks it is because your RAM is defective. Can we stop pretending this is an exploit we need elaborate schemes to protect against and just call it what it is: crappy products that need to be replaced, from manufacturers that need to be held accountable for it.

    1. Re:Defective RAM is defective by Anonymous Coward · · Score: 0

      Since more than 80% of DDR3 is susceptible to this, are you calling basically most DDR3 "defective"?

  4. Don't trust the cloud by Anonymous Coward · · Score: 1, Insightful

    Cloud services are a thunderstorm of shit waiting to fall on your head.

  5. nowhere to go = nowhere to hide by Anonymous Coward · · Score: 0

    "targetting where" is the question.

  6. Testing for rowhammer? by Knuckx · · Score: 2

    Aren't modern servers tested for rowhammer?
    My HP Integrity's offline diagnostics does three hammering tests, and will fail the diag if even a single read does not match what it should - and this is on a machine nearly 10 years old (though the diag disc is from 2012).

    1. Re:Testing for rowhammer? by epine · · Score: 1

      and this is on a machine nearly 10 years old

      No doubt, as you're hammering on DRAM cells the size of small battleships.

      It's a whole different matter when your DRAM cells have their little button noses pressed up against the scaling wall.

    2. Re: Testing for rowhammer? by Billly+Gates · · Score: 1

      It's a bug in the implementation, not low-quality hardware, as this is designed to share RAM like a pointer.

  7. Good name choice by OneHundredAndTen · · Score: 1

    Calling it Feng Shui has a good ring to it - like Feng Shui, this seems to be an overhyped PoS.

  8. Not that easy by Barnoid · · Score: 4, Interesting

    It's an interesting idea and nicely carried out, but in the real world I doubt this is of much concern. For the attack to be successful, all of the following must hold
    1. memory susceptible to rowhammer attack (in itself not trivial - only few and given memory locations can be flipped)
    2. VM manager merges physically identical pages of unrelated VMs (i.e., the identical memory pages of different VMs point to the same physical page)
    3. attacker VM must know the contents of the page in the victim VM
    4. attacker must register a page with the to-be-attacked contents before the victim VM does so that it can somewhat control its physical location and use rowhammer on it

    Especially #3 is not easy. In the paper, the authors assume they know all SSH authorized keys of the victim page which seems a bit far-fetched. Pages holding OS contents are easier to guess; I think an attack on those is more probable.

    Also, the fix is trivial. Don't buy cheap RAM that can be attacked with rowhammer for your data centers.

    1. Re:Not that easy by Anonymous Coward · · Score: 0

      Number 2 is also fairly far fetched...

      I would like to know which providers are deduplicating memory? Is this a vmware feature used in private infrastructure?

    2. Re:Not that easy by Anonymous Coward · · Score: 1

      The majority of the VMware and KVM environments I've seen (ranging in scale from small private deployments to extremely large "enterprise" environments) have hypervisor level memory deduplication enabled. This has been the norm for years now. -PCP

    3. Re:Not that easy by Anonymous Coward · · Score: 0

      Number 2 is also fairly far fetched...

      I would like to know which providers are deduplicating memory? Is this a vmware feature used in private infrastructure?

      Answer: All of them. Why copy 50 or 100 variants of kernels, libs, registry portions, apps, etc into memory when you can do it once?

    4. Re:Not that easy by Anonymous Coward · · Score: 0

      Pick a page of kernel code that you'd like to exploit. Have the same page in your userspace. Rowhammer it. Voila, exploit any host on the machine you want.

      This is pretty much game over for shared hosting on vulnerable systems. Turning off KSM might help it a little but it's still a clusterfuck of NOPE.
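      Condition #2 in Barnoid's list, and the KSM question in the replies, can be checked directly on a Linux/KVM host. The following is an added example of mine, not code from the thread or from any hypervisor project: it reads the kernel's documented sysfs knobs under /sys/kernel/mm/ksm (run, pages_shared, pages_sharing, merge_across_nodes), turns them into a verdict, and can stop and unmerge KSM. The parsing is kept separate from the file reads so it can be exercised on constructed values; the sample numbers below are made up. ESXi's transparent page sharing is a different control and is not covered here.

```python
"""KSM check for a KVM host: is guest memory being deduplicated by the kernel,
which is what a Flip Feng Shui attacker needs from the hypervisor?"""
from __future__ import annotations
from pathlib import Path

KSM_DIR = Path("/sys/kernel/mm/ksm")
KNOBS = ("run", "pages_shared", "pages_sharing", "merge_across_nodes")

def read_ksm_knobs(ksm_dir: Path = KSM_DIR) -> dict[str, str] | None:
    """Raw contents of the KSM sysfs files, or None if the kernel was built
    without KSM (the directory does not exist)."""
    if not ksm_dir.is_dir():
        return None
    knobs = {}
    for name in KNOBS:
        path = ksm_dir / name
        if path.is_file():
            knobs[name] = path.read_text().strip()
    return knobs

def assess_ksm(knobs: dict[str, str] | None) -> dict:
    """Interpret the knobs. Per the kernel docs: run=0 stops merging but keeps
    already-merged pages, run=1 merges, run=2 stops and unmerges everything.
    pages_shared counts the shared frames in use and pages_sharing the extra
    guest pages mapped onto them, so their sum is how many guest pages are
    currently backed by a frame that another VM may also map."""
    if knobs is None:
        return {"ksm_present": False, "merging": False,
                "pages_backed_by_shared_frames": 0,
                "verdict": "kernel has no KSM; nothing is being deduplicated"}
    run = int(knobs.get("run", "0"))
    shared = int(knobs.get("pages_shared", "0"))
    backed = shared + int(knobs.get("pages_sharing", "0"))
    merging = run == 1
    if merging:
        verdict = (f"KSM is merging: {backed} guest pages sit on {shared} shared frames; "
                   "write 2 to run to stop and unmerge")
    elif backed:
        verdict = f"KSM stopped (run={run}) but {backed} pages remain merged; write 2 to run to unmerge"
    else:
        verdict = f"KSM is off (run={run}) and no pages are merged"
    if knobs.get("merge_across_nodes") == "1":
        verdict += "; merge_across_nodes=1, so merging spans NUMA nodes"
    return {"ksm_present": True, "merging": merging,
            "pages_backed_by_shared_frames": backed, "verdict": verdict}

def disable_ksm(ksm_dir: Path = KSM_DIR) -> None:
    """Stop KSM and split every merged page (needs root). Where the ksmtuned
    daemon is installed it will turn merging back on unless it is stopped too."""
    (ksm_dir / "run").write_text("2\n")

if __name__ == "__main__":
    print(assess_ksm(read_ksm_knobs())["verdict"])
```

      Run it as root on the host, not inside a guest: a VM cannot see whether its pages are merged, which is exactly why the thread has to argue about provider defaults instead of measuring them.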

    5. Re:Not that easy by jopsen · · Score: 1

      For the record doesn't look like EC2 has memory deduplication turned on: https://forums.aws.amazon.com/...

    6. Re:Not that easy by lars_stefan_axelsson · · Score: 1

      For the attack to be successful, all of the following must hold...

      And yet, the old NSA saying that "attacks only get better, they never get worse", is an apt reminder. While it may not be practical today, it was just made more practical. Whatever happens next, the attack will not get worse. Expect people to work at all the listed limitations, and who knows...

      So, even if there isn't reason to suspect a full blown jump-out-of-the-windows fire just yet, there's a definite smell of smoke in the air.

      --
      Stefan Axelsson
    7. Re:Not that easy by kscguru · · Score: 1

      VMware has shipped with hypervisor-level memory deduplication off by default since 2014, precisely because of this style of attack.

      Being secure against this sort of attack has been the norm for years now.

      --
      A witty [sig] proves nothing. --Voltaire

    8. Re:Not that easy by Anonymous Coward · · Score: 0

      Doesn't ECC memory hamper this attack? I would assume most data-center servers use at least ECC or FB memory.

  9. Cloud Attack by ben_kelley · · Score: 1

    Cloud attack starts at about 0:54 https://www.youtube.com/watch?... (Monkey Magic)

  10. Is this "I told you so" week? by dbIII · · Score: 1

    First the obvious Dropbox hassles, next the obvious single signon hassles and now this.

    A while ago a popular VM hosting application used to tell everyone on a splash screen on startup that Virtual Machines are not a security feature.
    If you want security you use something designed for it - chroot, zones, "containers" - plenty of choice.

    1. Re:Is this "I told you so" week? by Anonymous Coward · · Score: 0

      If you want security you use something designed for it - chroot

      Chroots are not a security feature, either.

  11. How safe are Azure and Amazon clouds by Billly+Gates · · Score: 1

    Many and mean corporations are moving to the cloud or already there.

  12. Shared virtual machine images by jopsen · · Score: 1

    3. attacker VM must know the contents of the page in the victim VM

    Not that hard... Often people will use a public virtual machine image for database server, proxy, load-balancer, or container host. I'm sure coreos is rarely customized, I see few reasons to do so. It's often neat to attach extra disks and use cloud-init to configure VMs, rather than building custom VMs.

    And even if you do build custom VMs, you're often basing it off some official VM.

    1. Re: Shared virtual machine images by Anonymous Coward · · Score: 0

      Using the same image still does not mean that data will appear in the same memory locations. Most modern OSes randomize the locations on boot.