Transcription of Drammer: Deterministic Rowhammer Attacks on …
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms

Victor van der Veen (Vrije Universiteit Amsterdam), Yanick Fratantonio (UC Santa Barbara), Martina Lindorfer (UC Santa Barbara), Daniel Gruss (Graz University of Technology), Clémentine Maurice (Graz University of Technology), Giovanni Vigna (UC Santa Barbara), Herbert Bos (Vrije Universiteit Amsterdam), Kaveh Razavi (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

ABSTRACT

Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects in vulnerable physical memory locations. Moreover, prior work only targets x86, and researchers have openly wondered whether Rowhammer attacks on other architectures, such as ARM, are even possible. We show that deterministic Rowhammer attacks are feasible on commodity mobile platforms and that they cannot be mitigated by current defenses.
Rather than assuming special memory management features, our attack, Drammer, relies solely on the predictable memory reuse patterns of standard physical memory allocators. We implement Drammer on Android/ARM, demonstrating the practicability of our attack, but also discuss a generalization of our approach to other Linux-based platforms. Furthermore, we show that traditional x86-based Rowhammer exploitation techniques no longer work on mobile platforms and address the resulting challenges towards practical mobile Rowhammer attacks. To support our claims, we present the first Rowhammer-based Android root exploit that relies on no software vulnerability and requires no user permissions. In addition, we present an analysis of several popular smartphones and find that many of them are susceptible to Drammer. We conclude by discussing potential mitigation strategies and urging our community to address the concrete threat of faulty DRAM chips in widespread commodity platforms.
CCS'16, October 24–28, 2016, Vienna, Austria. © 2016 ACM. ISBN 978-1-4503-4139-4/16/10.

1. INTRODUCTION

The Rowhammer hardware bug allows an attacker to modify memory without accessing it, simply by repeatedly accessing (i.e., hammering) a given physical memory location until a bit in an adjacent location flips. Rowhammer has been used to craft powerful attacks that bypass all current defenses and completely subvert a system [16, 32, 35, 47]. Until now, the proposed exploitation techniques are either probabilistic [16, 35] or rely on special memory management features such as memory deduplication [32], MMU paravirtualization [47], or the pagemap interface [35].
Such features are often unavailable on commodity platforms (e.g., all are unavailable on the popular Amazon EC2 cloud, despite recent work explicitly targeting a cloud setting [32, 47]) or are disabled for security reasons [40, 46]. Recent JavaScript-based attacks, in turn, have proven capable of reliably escaping the JavaScript sandbox [11], but still need to resort to probabilistic exploitation to gain root privileges and completely subvert a system [16].

Probabilistic Rowhammer attacks [16, 35] offer weak reliability guarantees and thus have more limited impact in practice. First, they cannot reliably ensure that the victim object, typically a page table in kernel exploits [16], is surgically placed in the target vulnerable physical memory location. This may cause the Rowhammer-induced bit flip to corrupt unintended data (rather than the victim page table) and crash the whole system.
Second, even when the victim page table is corrupted as intended, they cannot reliably predict the outcome of such an operation. Rather than mapping an attacker-controlled page table page into the address space as intended, the Rowhammer-induced bit flip may map an unrelated page table, which, when modified by the attacker, may also corrupt unintended data and crash the whole system.

This paper makes two contributions. First, we present a generic technique for deterministic Rowhammer exploitation using commodity features offered by modern operating systems. In particular, we rely only on the predictable behavior of the default physical memory allocator and its memory reuse patterns. Using this technique (which we term Phys Feng Shui), we can reliably control the layout of physical memory and deterministically place security-sensitive data (e.g., a page table) in an attacker-chosen, vulnerable physical memory location.

Second, we use the aforementioned technique to mount a deterministic Rowhammer attack (or Drammer) on mobile platforms, since they present different and unexplored hardware and software characteristics compared to previous efforts, which focus only on x86 architectures, mainly in desktop or server settings.
Concerning the hardware, mobile platforms mostly use ARM processors. However, all known Rowhammer techniques target x86 and do not readily translate to ARM. Moreover, researchers have questioned whether memory chips on mobile devices are susceptible to Rowhammer at all, or whether the ARM memory controller is fast enough to trigger bit flips [13, 35]. Concerning the software, mobile platforms such as Android run different and more limited operating systems that implement only a subset of the features available in desktop and server environments. For example, unless explicitly enabled by a device vendor, the Android kernel currently does not support huge pages, memory deduplication, or MMU paravirtualization, making it challenging to exploit the Rowhammer bug and impossible to rely on state-of-the-art techniques.

Drammer is an instance of the Flip Feng Shui (FFS) exploitation technique (abusing the physical memory allocator to surgically induce hardware bit flips in attacker-chosen sensitive data) [32], and the first one that relies only on always-on commodity features.
For any Rowhammer-based Flip Feng Shui attack to be successful, three primitives are important. First, attackers need to be able to hammer sufficiently hard, hitting the memory chips with high frequency; for instance, no bits will flip if the memory controller is too slow. Second, they need to find a way to massage physical memory so that the right, exploitable data is located in the vulnerable physical page. Third, they need to be able to target specific contiguous physical addresses to achieve (i) double-sided Rowhammer [9, 35], a technique that yields more flips in less time than other approaches, and (ii) more control when searching for vulnerable pages (important when mounting deterministic attacks). We show that, when attacking mobile platforms, none of these primitives can be implemented by simply porting existing techniques.

In this paper, we present techniques to implement the aforementioned primitives when attacking mobile platforms.
We detail the challenges towards reliable exploitation on Android/ARM and show how to overcome its limited feature set by relying on the DMA buffer management APIs provided by the OS. To concretely demonstrate the effectiveness of our Drammer attack on mobile platforms, we present the first deterministic, Rowhammer-based Android root exploit. Our exploit can be launched by any Android app with no special permission and without relying on any software vulnerability.

Finally, we present an empirical study and assess how widespread the Rowhammer bug is on mobile devices. We investigate how fast we can exploit these bugs in popular smartphones and identify multiple phones that suffer from faulty DRAM: 17 out of 21 of our tested 32-bit ARMv7 devices (still the most dominant platform, with a market share of over 97% [44]) and 1 out of our 6 tested 64-bit ARMv8 phones are susceptible to Rowhammer.
We conclude by discussing how state-of-the-art Rowhammer defenses are ineffective against our Drammer attack and describe new mitigation techniques.

In summary, we make the following contributions:

- We present the first technique to perform deterministic Rowhammer exploitation using only commodity features implemented by modern operating systems.
- We demonstrate the effectiveness of our technique on mobile platforms, which present significant hardware and software differences with respect to prior efforts.
- We implement our Drammer attack on Android/ARM and present the first deterministic, Rowhammer-based Android root exploit. Our exploit cannot be mitigated by state-of-the-art Rowhammer defenses.
- We evaluate the effectiveness of Drammer and our Android root exploit and complement our evaluation with an empirical Rowhammer study on multiple Android devices. We identify multiple ARMv7/ARMv8 smartphones that suffer from faulty DRAM.
- To support future research on mobile Rowhammer, we release our codebase as an open source project and aim to build a public database of known vulnerable devices.

2. THREAT MODEL

We assume that an attacker has control over an unprivileged Android app on an ARM-based device and wants to perform a privilege escalation attack to acquire root privileges. We do not impose any constraints on the attacker-controlled app or the underlying environment. In particular, we assume that the attacker-controlled app has no permissions and that the device runs the latest stock version of the Android OS with all updates installed, all security measures activated, and no special features enabled.

3. ROWHAMMER EXPLOITATION

Rowhammer is a software-induced hardware fault that affects dynamic random-access memory (DRAM) chips.
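The following is an added example and is not code from the paper or from the released Drammer codebase. It shows the hammer-and-check loop that the introduction describes: fill a region with a known pattern, repeatedly read the two aggressor rows on either side of a victim row (double-sided hammering, the first primitive), then scan the victim row for bits that no longer match, trying both fill patterns because a weak cell only flips in one direction. The row size, the function names, and the use of a malloc'd buffer standing in for three physically adjacent rows are assumptions of the example: obtaining physically contiguous, uncached memory on ARM is exactly what the paper's DMA-buffer approach addresses, and this code only forces its reads to DRAM on x86, via CLFLUSH.

```c
/*
 * Added example (not the paper's code). Minimal double-sided Rowhammer
 * test harness: hammer two aggressor rows, then scan the victim row for
 * flipped bits. Assumptions are marked "hypothetical" in the comments.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One detected flip: byte offset in the scanned region, bit index, direction. */
struct bitflip {
    size_t offset;
    int bit;
    int one_to_zero;  /* 1 if the bit went 1->0, 0 if it went 0->1 */
};

/*
 * Make the next read of *p go to DRAM rather than the cache. On x86 the
 * unprivileged CLFLUSH instruction does this (what prior x86 work relies
 * on). ARM has no unprivileged cache-flush instruction, which is why
 * Drammer hammers uncached DMA buffers instead; here the non-x86 fallback
 * does nothing, so on ARM the caller must supply memory that is already
 * uncached or no hammering reaches the chips.
 */
static inline void evict(const volatile void *p)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("clflush (%0)" :: "r"(p) : "memory");
#else
    (void)p;
#endif
}

/* Double-sided hammer: alternate reads of both aggressors `rounds` times.
 * Returns the number of reads issued so a caller can measure the rate
 * (hammering "sufficiently hard" is the first primitive). */
uint64_t hammer_double_sided(const volatile uint8_t *aggr_a,
                             const volatile uint8_t *aggr_b, uint64_t rounds)
{
    uint64_t reads = 0;
    uint8_t sink = 0;
    for (uint64_t i = 0; i < rounds; i++) {
        sink ^= *aggr_a;
        sink ^= *aggr_b;
        evict(aggr_a);
        evict(aggr_b);
        reads += 2;
    }
    (void)sink;
    return reads;
}

/* Compare `len` bytes at `victim` against the fill byte `pattern`. Stores
 * up to `max` flips in `out` and returns the total number of flipped bits. */
size_t scan_bitflips(const uint8_t *victim, size_t len, uint8_t pattern,
                     struct bitflip *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = victim[i] ^ pattern;
        for (int b = 0; diff && b < 8; b++) {
            if (!(diff & (1u << b)))
                continue;
            if (found < max) {
                out[found].offset = i;
                out[found].bit = b;
                out[found].one_to_zero = (pattern >> b) & 1;
            }
            found++;
        }
    }
    return found;
}

/*
 * Hammer the rows above and below the middle row of a three-row region and
 * collect flips for both fill patterns. `rows` must point at 3 * row_bytes
 * of memory whose rows are physically adjacent and uncached (hypothetical:
 * providing such memory is the paper's subject, not this example's).
 * Returns the total number of flipped bits across both patterns.
 */
size_t hammer_and_scan(uint8_t *rows, size_t row_bytes, uint64_t rounds,
                       struct bitflip *out, size_t max)
{
    static const uint8_t patterns[2] = { 0xFF, 0x00 };
    uint8_t *victim = rows + row_bytes;
    size_t total = 0;
    for (int p = 0; p < 2; p++) {
        memset(rows, patterns[p], 3 * row_bytes);
        hammer_double_sided(rows, rows + 2 * row_bytes, rounds);
        size_t used = total < max ? total : max;
        total += scan_bitflips(victim, row_bytes, patterns[p], out + used, max - used);
    }
    return total;
}

int main(void)
{
    const size_t row_bytes = 8192;  /* hypothetical row size; device-specific */
    struct bitflip flips[64];
    uint8_t *rows = malloc(3 * row_bytes);  /* plain heap memory: expect no flips */
    if (!rows)
        return 1;
    size_t n = hammer_and_scan(rows, row_bytes, 1000000, flips, 64);
    printf("%zu flipped bit(s)\n", n);
    for (size_t i = 0; i < n && i < 64; i++)
        printf("  offset %zu bit %d (%s)\n", flips[i].offset, flips[i].bit,
               flips[i].one_to_zero ? "1->0" : "0->1");
    free(rows);
    return 0;
}
```

Build with `gcc -O2` and run as-is to check the harness; on a real target, replace the malloc'd buffer with memory that is physically contiguous and uncached and raise `rounds` until the run spans several DRAM refresh intervals. A result of zero flips on ordinary heap memory is the expected outcome, not evidence that the chips are sound.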