Researchers show RAMBleed DDR vulnerability based on Rowhammer
Researchers have discovered a vulnerability that allows data to be read from a computer's working memory (RAM). The vulnerability has been named RAMBleed and is based on the Rowhammer vulnerability.
RAMBleed was discovered by researchers from the University of Graz in Austria, the University of Michigan, and the University of Adelaide. The researchers managed to use the attack to read an OpenSSH RSA-2048 key from a server.
The vulnerability works similarly to Rowhammer, a 2015 RAM vulnerability that allows bits in working memory to be manipulated by exploiting the physical spacing between them. RAMBleed takes advantage of that vulnerability. The big difference is that RAMBleed can only read data, not manipulate it. The attack uses bit flipping: a cryptographic key is read out by observing the changes in bits. The vulnerability reportedly also affects memory that uses error-correcting code (ECC), which is normally used to correct bit flips.
The researchers published a proof of concept on DDR3 memory, but say the vulnerability can also be exploited in DDR4 memory. Bit-flipping attacks have been performed on DDR4 in the past.