RowHammer: A powerful new attack

In 2014, a group of researchers from Carnegie Mellon University and Intel published a new kind of disturbance attack on DRAM: rowHammer [1]. At the difference of SRAM (static), DRAM (dynamic) need regular refreshing to keep their memory. DRAM are organized by rows. Indeed, when reading or writing to an address, the circuit access the full row rather than only one specific cell. Cells are susceptible to inter-cell crosstalk (like any electronic elements). The researchers discovered the fast, repetitive reading of two rows they could generate a high rate of disturbances that produce errors in the memory. The actual code to produce errors is simple and short. It is a simple loop that reads two addresses, flushes the registers and the instruction cache. A typical 1 million iterations takes less than one second. The code does not need to be root. They tested 129 different DDR3 DRAM commercial modules. They induced errors in 110 modules.

Thus, they demonstrate that with simple software, it was possible to wreck DRAM memory.

This month, Google researchers went one step further. They used the rowHammer technique to create actual fault injection. On a standard x86-64 bit machine, they demonstrated two exploits [2].

  • Native Client (NACl) is a sandboxing system that allows only a limited subset of instructions. They were able to have ‘blacklisted’ instructions to execute in the NACl environment.
  • They succeeded to escalate the privilege to Kernel privilege on a standard Linux.

Of course, these exploits have some limitations. The escalation was done only on a Linux machine without some sandboxing mechanisms. Nevertheless, they highlight that rowHammer may become a powerful fault injection tool. The interesting part of rowHammer is that it is purely software.

Currently, they have only experimented rowHammer on standard DRAM commercial modules. This may be an interesting way to bypass some trusted execution environment that isolate the DRAM space.

DRAM for servers should be more resistant to rowHammer as Error Correction is embedded in the chip. Nevertheless, error correction can only correct a limited amount of simultaneous errors. It may be possible perhaps to also overflow the correction. If rowHammer would be possible on DRAM for servers, then it may be a potential interesting attack vector in the public cloud. The attacker may either bypass the sandbox or impair the memory of another user of the same server.

We may see in coming months more studies and exploits around rowHammer. Will it have the same impact than side channel attacks? To be surveyed…

The two papers are worthwhile to read. Read them in the chronological order.

[1]    Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu, “Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors,” in Proceeding of the 41st annual international symposium on Computer architecture, 2014, pp. 361–372.

[2]    C. Evans, “Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges,” Project Zero, 09-Mar-2015.


Lenovo, Superfish, Komodia: a Man In The Middle story

Lenovo has made this week the headlines with the alleged malware: superfish.   Lenovo delivered  some PCx loaded with “bloatware” Superfish.  Superfish provides solution that performs visual search.  Seemingly, Superfish designed a software that allowed to place contextual ads on the web browsing experience.   To perform this highjacking, superfish uses a software stack from Komodia:  SSL Digestor.  According to the site of Komodia:

Our advanced SSL hijacker SDK is a brand new technology that allows you to access data that was encrypted using SSL and perform on the fly SSL decryption. The hijacker uses Komodia’s Redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning.

How does Komodia do the decryption without triggering the certificate validation of the browser?   The CERT has disclosed on Thursday the trick with its vulnerability note VU#529496.

Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing

Komodia install stealthily its own root certificate within the browsers’ CA repository.   The stack holds its private key. This allows to ‘self-sign’ certificate to forge SSL connection.  The software then generates a typical Man In The Middle.   Despite the private key was encrypted, it was possible to extract some corresponding private keys (easy to guess the password; komodia).  This means that as long as the root key is not erased from browsers’ repository, an attacker may use the corresponding private key.  The attacker may sign malware that would be accepted by the machine, and generate phony certificates for phishing.   In other words, other principals than Superfish may use the hack for infecting Lenovo computers.

Lenovo provided a patch that removed the Superfish application.   Unfortunately, the patch does not erase the malicious certificate.  Microsoft provided such patch, and Mozilla should soon revoke it.

This is a perfect example of supply chain attack. The main difference is that the supplier voluntarily infected its product.    Do never forget law 4: Trust No One.

PS:  at the time of writing, the Komodia site was down, allegedly for a DOS.  It may also be because too many people try to visit the site.

Does your TV set watch you?

Benjamin Michele and Andrew Karpow presented a scary Proof of Concept  using two Samsung Smart TVs.  They used the integrated media player of these Smart TV set.  For the most recent one, they discovered that the TV set used a 2011 version of the open source FFMPEG’s libavformat library. This library identifies the type of content to be played and demux it before the content is transmitted to Samsung’s proprietary media player.  The libavformat library supports many containers.  It is a complex piece of software, and as such as many new discovered bugs. By scanning the bug-tracking database of this open source library, the researchers selected one vulnerability that was not patched in the version used by the TV set.  This vulnerability allowed them to execute arbitrary code when playing a forged content.  As the player executes in root shell, the forged payload also executes in root shell.  This means that the payload has full access to the platform.  As the Smart TV had an integrated camera and microphone, they wrote an exploit that captured the video of the camera and the sound from the microphone.  The captured information can then be sent to a remote server.  As the payload is encapsulated in a real movie, the consumer is not aware that his TV set is being infected and that he is spied.  The researchers found a way to flash the Smart TV set and thus make the infection permanent.

Of course, the payload could do other things.  The researchers could perform a thorough analysis of the TV set because they succeeded to get root access, and thus could explore the system and easily work on the exploit. The target were Samsung TV sets.  Most probably, any other smart TV of any brand could be attacked in a similar way but using another vulnerability.

This POC highlights several interesting points:

  • This exploit highlights an important issue of IoT.  Will devices in the field be upgraded and securely patched?  There are two issues that are not yet solved:
    • Will manufacturers do the security maintenance for the lifetime of the product?   Currently, the business model is to sell one device and not maintain it (unless there is a very serious bug that impact the behaviour).  How could the manufacturer finance this maintenance?  In the software world, maintenance is financed by either new version or maintenance contract for professional expensive applications.  This is not the case in the consumer domain.
    • Will consumers apply the patch?  The likelihood is low if we extrapolate from the computer world. Too many consumers’ computers are not patched.
  • The wide use of open source libraries has brought some benefits.  It is less expensive for companies and it is claimed to be more secure.  Unfortunately, it also has its downside.
    • This last claim is only true if all systems would be patched.  If it is not the case, then the use of widely deployed open source libraries may be an advantage for the attackers.  The attacker can experiment on his own system before trying on the targeted device.
    • Furthermore, the more a ‘common’ library is deployed, the more targets will be hit whenever a vulnerability is found in this library.  Heartbleed is a good illustration.
  • The more features a device has, the higher the risk to have vulnerabilities.


Michele, Benjamin, and Andrew Karpow. “Watch and Be Watched:  Compromising All Smart TV Generations.” In Proc. of the 11th Consumer Communications and Networking Conference (CCNC). Las Vegas, NV, USA: IEEE, 2014.

Thundertrike: the first bootkit for Mac OS X

At CCC 2014 winter session, Trammel Hudson disclosed the first known proof of concept of a bootkit for Mac OS X.   Bootkits are a special category of rootkits that stealthily infect the master boot record or volume boot record.  In other words, it is a rootkit that installs itself in the boot system of the machine.

His exploit uses several weaknesses in the boot system of Mac OS X.

  1. The integrity of the boot ROM (which is indeed an EEPROM, to allow an upgrade) is protected by a CRC32 rather than by a cryptographic signature.  Unfortunately, the purpose of CRC is to check whether the software is not corrupted (i.e. no mistake),  CRC does not verify whether a software was altered.  He knows now that he may alter the boot process software.  He now had to find a smart way to do it.
  2. The firmware, to upgrade with Extensible Firmware Interface (EFI), is RSA 2048 signed.  However, the check is done by the boot software that can be impaired.  EFI is the replacement of BIOS. At this point, he knows that he may load his own firmware at boot using EFI.  But how could it provide the firmware to the targeted machine?
  3. He used a trick that was demonstrated in 2012.  At boot time, EFI asks externally connected devices via PCIe if they have any Option ROMs to execute.  Thunderbolt port allows thus to load an arbitrary firmware from a connected device.
  4. He fooled the boot firmware by replacing Apple’s public key with his own public key letting Apple software taking care of checking his malware.   Later, this key is written down in the ROM thus preventing any Apple legitimate upgrade to occur . Only upgrades signed by his private key will be accepted.

The potential attack is to have a forged thunderbolt device with the malware as Option ROM.  The attacker needs physical access to the target, boot it with the connected thunderbolt device, and then the attacker owns the machine.  It is fast.

This only a proof concept and no field attack have been yet discovered.  Apple is preparing fixes that do not allow Option ROM during a firmware upgrade.  The patch is already available for new Mac Mini and Retina.  It will be available soon for all Thunderbolt models.

He mitigates the error of Apple for using CRC32 rather than crypto by stating:

In actuality, any software-only validation is doomed to fail since if an attacker can get code into the ROM, they can just skip that software validation. Either by always returning true or by returning a cached value computed over the boot  ROM. Without some sort of hardware cryptographic signature checks or an actual, unchangable mask ROM, this sort of software-only attempt is futile.

His presentation, which he retranscripted on his site, is an excellent description of the work of a reverse engineer.  He shows some tricks such as looking for strings (too often there are printf remaining in the code), look for hexadecimal sequences on the Net to find corresponding tool signature, …  An excellent reading.

Lesson:  Law 1: attackers will always find their way (even on Mac)

Unlocking phone in the US: is it illegal?

In 2010, the Librarian of Congress ruled that unlocking a phone to be able to move to another carrier was legal.   On 26th October 2012, the Librarian of Congress has changed his mind.  Unlocking phones purchased after January 2013 will be again illegal.


In the same ruling, the Librarian of Congress allowed the jailbreaking of iPhones for interoperability, but did forbid it for iPads!

Wireless telephone handsets – software interoperability
Computer programs that enable wireless telephone handsets to execute lawfully obtained  software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications with computer programs
on the telephone handset.

This exemption is a modification of the proponents’ proposal. It permits the circumvention of computer programs on mobile phones to enable interoperability of non-vendor-approved software applications (often referred to as “jailbreaking”),but does not apply to tablets – as had been requested by proponents – because the record did not support it.

Recently, the White House officially announced that it was

Time to Legalize Cell Phone Unlocking

How the White House will try to revert the Librarian ruling is unclear.

Once more, we see that interpretation of DMCA is complex and evolving with time.  Some decisions may even seem strange: authorizing mobile phone but not tablets (despite they use the same OS, and may act as phones), is difficult to understand for consumers.

Murdoch’s pirates

images   In 2008, I wrote a post about “Big Gun”, a hacker who was supposed to have worked for NDS to hack competitors.  It followed a suite of lawsuits against News.

This was only a small portion of the large picture of NDS story.  With Murdoch’s pirates, Neil Chenoweth has just published a detailed description of how NDS acted to “keep ahead” of its competitors.  And the story is as good as a good spying book.  The difference is that this is real.  And unlike in Hollywood movies, morale does not win.

You will discover the dark side of News and NDS. The book is not technical (there are even some inaccuracies).  But the story is based on all the documents that were published during the multiple trials.

I do not like the style of the author.  Despite he uses real information, he is not objective and takes clearly position.  Furthermore, the two first sections are not following a linear narrations.  This makes the introduction of the “heroes” of this book difficult to follow.  Nevertheless, if you are working, or have worked, with Conditional Access providers, you will be thrilled by the book.

From the personal view, as I have met several of the early actors of this book, while we were designing videocrypt, it was a strange experience to discover very dark parts of some of them.   I was not naïve, nevertheless it was worst than my darkest assumptions.


CA guys, read this book.

Notes on PST 2012: (day 1: Innovation day)

Here are some notes on the first day of  PST2012.  These notes are personal and biased in the sense that they reflect what topics did ping me.  As such, they are not exhaustively representing the content of the various presentations.

Today’s challenges of cybercrime (E. FREYSSINET)

Eric is the head of the cyber crime department of French gendarmerie.  As such, he has a deep knowledge of today’s cybercrime as he is fighting it.

He first presented the big trends and issues:

  • Data to analyze is exploding
  • Organized crime;  interestingly, organized crime entered the game only lately.  The target that attracted organized crime was car theft that required electronic specialist due to increased electronic defense;  then, organized crime jumped to electronic money.
  • Cryptography becomes more generalized.  It has impact.  for instance, house search has to occur at a time of the day when the computer is already switched on.

Then he described more some cases.  A few excerpt:

  • Crime against children; This is one of the most important threat handled by his team (25% of the cases).  Several hundreds cases per year in France.   The best defense is the education of children
  • Attacks on IT system;  Botnets become the core element of many IT attacks.  Often individuals do the tools, and are hired by organization that install such infrastructure.   Interestingly, many SMEs are attacking each others!
  • There is a real business approach behind such crime.  Carders are offering professional sites with customer supports.  Malware is sold with a licensing approach, CMS,…

Then he presented a typical attack: the police ransomware.  A malware blocks the computer, sometimes encrypts data and display a message supposed to be issued by police claiming that you violated the law and have to pay a fine.  10% of the infected people pay the alleged fine.

Cyber Defense

Can we protect against the unknown?  (D. BIZEUL, Cassidian, Head of Security Assurance)

The focus of the presentation is on APT (Advanced Persistent Threat)

The six steps of APT:

  1. Information gathering
  2. Vulnerability identification
  3. Spear phishing/RAT installation
  4. Pass the hash protection/ propagation (for escalation)
  5. Malware and pack of tools
  6. Exfiltration

Detection of steps 3 to 6 should use reputation evaluation, Statistics and of course log.  Thus, it is recommended to have savvy IT team, cyber intelligence, IDS/IPS and SIEM & SOC.  Cyber intelligence is key.

CERT, CSIRT  (O. CALEFF, Devoteam)

Presentation of what a CERT/CSIRT is , and how it works.

Cyber defense tools: the sourcefire example (Y. LE BORGNE)

He explains how an Intrusion Prevention System (IPS) works:

  • Stage 1:  decoder of packets
  • Stage 2: pre-processor to normalize data
  • Stage 3: Rules engine

Why are there still intrusions?

  • The client side is more prevalent and it is the best place to attack.
  • File complexity is a good vector for malware
  • IDS exploitation is too complex
  • IPS needs skill for exploitation

Evolution of Snort

New pre-processors (gtp, modbus…), http compression.

>Deeper detection (cookies, javascript obfuscation…)

The message is that human is the key element.  Thus, they claim to simplify the task by focusing the reporting.


APT is more a buzz word.  It is not new.  The most important aspect is the Persistent Threat aspect.


Keynote: The authorization leap from rights to attributes: Maturation or Chaos? (R. Sandhu)

Ravi is the father of Role Based  Access Control (RBAC).   Will RBAC be replaced by Attribute Based Access Control?   In any case, we’re going towards flexible policy.  According to him, the main issue with Access Control is and will always be the analog hole.  Smile   The main defect of RBAC is that it does not offer an extension framework.  Thus, it is difficult to cope with short comings;  ABAC has the advantage to offer inherent extensibility by adding for instance attributes.

Security policy requires Policy Enforcement, Policy Specifications and Policy Administration.

He believes in Security as a Service because there will be an incentive to  properly secure stuff else you change the service provider.

SME session

Arxan (M. NOCTOR)

Nothing new.  If you don’t know Arxan, and if you need software tamper resistance, visit their site.


How to strip off a TV set?  He highlights the risk  of connected TVs that are not  secure at all, although they may handle confidential data such as credit card number.

Secure IC (P. NGUYEN)

Silicon Security;   Usual presentation on side channel attacks.   The new attacks are Correlation Power Analysis and Mutual Information Analysis (new since 2010)  The new trend is to use Information Theory realted metrics.  They have  a dual rail family with formally proved security (to be presented at CHES2012)