- Feb 7, 2014
- 1,540
Millions of Web users could be vulnerable to an attack on their computer's DRAM via the Web, a surprising development that expands on a bug that has increasingly worried computer security experts.
It has been known for several years that densely packed memory cells on computers are vulnerable to intentional interference. But a new research paper details how an attack could be conducted over the Web, dramatically increasing the danger to users.
11 signs you've been hacked -- and learn how to fight back, in InfoWorld's PDF special report. | Discover how to secure your systems with InfoWorld's Security newsletter. ]
The new paper, published by Austrian and French institutions, could prompt a new urgency among chip makers to find a long-term solution to the so-called Rowhammer problem.
DRAM is vulnerable to electrical interference because the cells are packed so closely together, a characteristic that has increased their memory capacity but come at a cost.
earlier this year they developed two successful exploits: a privilege escalation attack and another one that used rowhammer-induced bit flips to gain kernel-level privileges. However, the exploits had to be installed on a user's machine.
What is remarkable about the latest paper is that such an attack could be conducted over Web using JavaScript. Their proof-of-concept code, Rowhammer.js, was tested in Firefox 39, "but our attack technique is generic and can be applied to any architecture, programming language and runtime environment," they wrote.
It also doesn't require physical access to a computer, which makes it a lot more dangerous. That also means that large numbers of people could be targeted over the Web, increasing its potential victim pool.
The rest of this news can found here at this link= http://www.infoworld.com/article/29...hing-webbased-attack-on-a-computers-dram.html
It has been known for several years that densely packed memory cells on computers are vulnerable to intentional interference. But a new research paper details how an attack could be conducted over the Web, dramatically increasing the danger to users.
11 signs you've been hacked -- and learn how to fight back, in InfoWorld's PDF special report. | Discover how to secure your systems with InfoWorld's Security newsletter. ]
The new paper, published by Austrian and French institutions, could prompt a new urgency among chip makers to find a long-term solution to the so-called Rowhammer problem.
DRAM is vulnerable to electrical interference because the cells are packed so closely together, a characteristic that has increased their memory capacity but come at a cost.
earlier this year they developed two successful exploits: a privilege escalation attack and another one that used rowhammer-induced bit flips to gain kernel-level privileges. However, the exploits had to be installed on a user's machine.
What is remarkable about the latest paper is that such an attack could be conducted over Web using JavaScript. Their proof-of-concept code, Rowhammer.js, was tested in Firefox 39, "but our attack technique is generic and can be applied to any architecture, programming language and runtime environment," they wrote.
It also doesn't require physical access to a computer, which makes it a lot more dangerous. That also means that large numbers of people could be targeted over the Web, increasing its potential victim pool.
The rest of this news can found here at this link= http://www.infoworld.com/article/29...hing-webbased-attack-on-a-computers-dram.html