Ouch! Google crocks capacitors and deviates DRAM to root Linux by Iain Thomson.
From the post:
…
Last summer Google gathered a bunch of leet [elite] security researchers as its Project Zero team and instructed them to find unusual zero-day flaws. They’ve had plenty of success on the software front – but on Monday announced a hardware hack that’s a real doozy.The technique, dubbed “rowhammer”, rapidly writes and rewrites memory to force capacitor errors in DRAM, which can be exploited to gain control of the system. By repeatedly recharging one line of RAM cells, bits in an adjacent line can be altered, thus corrupting the data stored.
This corruption can lead to the wrong instructions being executed, or control structures that govern how memory is assigned to programs being altered – the latter case can be used by a normal program to gain kernel-level privileges.
…
The “rowhammer” routines are something to consider adding to your keychain USB (Edward Snowden) or fake Lady Gaga CD (writeable media) (Private Manning), in case you become curious about the security of a networked environment.
Iain’s post is suitable for passing on to middle-level worriers but if you need the read details consider:
Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors: Paper on rowhammer by Yoongu Jim et al.
Program for testing for the DRAM “rowhammer” problem Google’s Github repository on rowhammer.
Rowhammer Discuss (mailing list) Google mailing list for discussion of rowhammer.
The Linux faithful turned out comment the problem was in hardware and all operating systems were vulnerable. That is obvious from “hardware hack” and “rapidly writes and rewrites memory to force capacitor errors in DRAM.” But you do have to read more than the title to get that information.
Windows-based spys are waiting for someone to write a rowhammer application with a Windows installer so I don’t think the title is necessarily unfair to Linux. Personally I would just use a USB-based Linux OS to reboot a Windows machine. I don’t know if there is a “looks like MS Windows” interface for Linux or not. So long as you weren’t too productive, that could cover the fact you are not running Windows.
BTW, Iain, unlike many writers, included hyperlinks to non-local resources on rowhammer. That is how the Web is supposed to work. Favor the work of Iain and others like Iain if you want a better Web.