Frame Feng Shui … Hammering Memory and RAMBleed


So what are the keys to your castle? Well, often it is your SSH keys, as these are the ones used to gain access to your cloud and remote systems. If we lose our private keys, the whole of our infrastructure, and in fact our business, can be compromised.

Now a new memory-based vulnerability has been found which can extract these keys: RAMBleed [paper]. This new vulnerability (CVE-2019-0174) is based on the Rowhammer flaw, where cells in memory leak charge between each other. In this way it is possible to set bits in memory by setting memory cells that are near the target storage elements. It is caused by the ever-increasing density of DRAM memory cells (especially with DDR3 and DDR4 SDRAM), where an attacker can analyse the layout of the memory and compromise it with predefined memory patterns.

Basically, a single bit of memory is created with a tiny capacitor (which stores charge for a 1, or does not store charge for a 0). If these capacitors are located physically near other cells, their charge can leak to neighboring ones. So, in the following diagram, we can see the target cell could be changed by the cells which…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.