Breaking security protections by altering memory bits


As Moore’s Law has packed more and more transistors onto a single memory chip, scientists have fretted for years that electric charges that “leak” out from those tiny components might cause unpredictable errors in neighboring semiconductors. But now a team of Google researchers has demonstrated a more unexpected problem with that electromagnetic leakage: hackers can use it to purposefully corrupt portions of some laptops’ memory, and even to bypass the security protections of those computers.

In a post on its Google Project Zero security blog Monday, a group of the company’s researchers revealed new hacker exploits that take advantage of what’s known as the “Rowhammer” technique. Here’s how Rowhammer gets its name: In the Dynamic Random Access Memory (DRAM) used in some laptops, a hacker can run a program designed to repeatedly access a certain row of transistors in the computer’s memory, “hammering” it until the charge from that row leaks into the next row of memory. That electromagnetic leakage can cause what’s known as “bit flipping,” in which transistors in the neighboring row of memory have their state reversed, turning ones into zeros or vice versa. And for the first time, the Google researchers have shown that they can use that bit flipping to actually gain unintended levels of control over a victim computer. Their Rowhammer hack can allow a “privilege escalation,” expanding the attacker’s influence beyond a certain fenced-in portion of memory to more sensitive areas.