FPGA cards can be abused for faster and more reliable Rowhammer attacks
In a new research paper published on the last day of 2019, a team of American and German academics has shown that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks.
The new research expands on previous work into an attack vector known as Rowhammer.
A short history of Rowhammer attacks
Rowhammer attacks were first detailed in 2014. The attack exploits a design flaw in the hardware modern memory cards -- most commonly known as RAM.
On modern RAM cards, data is stored inside memory cells, and all memory cells are arranged in a grid pattern. In 2014, academics discovered that by reading data stored on one row of memory cells repeatedly, and at high speeds, they could create an electrical charge that would alter data stored in nearby memory rows.
By coordinating repeated read operations, in an operation named "row hammering," they could use the unwanted electrical charges to corrupt RAM data, or manipulate the user's data in malicious ways.
After it was disclosed to the public, industry experts deemed the Rowhammer attack only a theoretical threat, but one that had the potential to become a bigger problem later down the line.
Experts believed that while the initial Rowhammer attack looked inefficient at altering or corrupting data, academics would eventually find new ways to launch Rowhammer attacks and improve the damage the attack could cause.
RAM vendors reacted by modifying RAM card designs and by introducing software mitigations to deal with the potential damage that could come from a future, potential, Rowhammer attack.
Just as it was initially predicted, over the past five years, academics have greatly expanded on the initial Rowhammer attack. They found ways around mitigations, they expanded the attack surface to various computer components and configurations, and they even found a way to use Rowhammer to steal data from attacked systems, insted of just altering it. Below is a summary of all the work done with Rowhammer attacks.
- They showed how a Rowhammer attack could alter data stored on DDR3 and DDR4 memory cards alike
- They showed how a Rowhammer attack could be carried out via JavaScript, via the web, and not necessarily by having access to a PC, physically, or via local malware
- They demoed a Rowhammer attack that took over Windows computers via the Microsoft Edge browser
- They demoed a Rowhammer attack that took over Linux-based virtual machines installed in cloud hosting environments
- They used a Rowhammer attack to get root permissions on an Android smartphone
- They bypassed Rowhammer protections put in place after the disclosure of the first attacks
- They showed how an attacker could improve the efficiency of a Rowhammer attack by relying on local GPU cards
- They developed a technique to launch Rowhammer attacks via network packets
- They developed a Rowhammer attack that targets an Android memory subsystem called ION, and which broke the isolation between the OS and local apps, allowing data theft and total device control
- They developed a Rowhammer attack named ECCploit that works even against modern RAM cards that use error-correcting code (ECC)
- They discovered RAMBleed, a Rowhammer attack variation that can exfiltrate data from attacked systems, not just alter it.
New JackHammer attack
The latest addition to this list is a new Rowhammer attack variation called JackHammer, which allows a malicious party to abuse FPGA cards to launch better and faster Rowhammer attacks.
For those unfamiliar with the term, FPGAs are add-in cards that can be added to a computer system (desktop or server). They are computer components designed to optimize performance by allowing the user to customize it based on their needs, and are sometimes referred to as "accelerators."
FPGAs are often used with systems designed to run very specific tasks, such as cryptocurrency mining, web servers, heavy computation systems, and so on.
In recent years, FPGAs have made their way into cloud computing environments where they're now a common offering. Companies like Alibaba Cloud and Amazon Web Services (AWS) provide customers FPGA-based server instances so customers can optimize performance for specific tasks. Microsoft is also working on integrating FPGA-based technology inside Azure.
Seeing that FPGA-CPU architectures are becoming more common, a team of researchers from the Worcester Polytechnic Institute in the US, the University of Lubeck in Germany, and Intel, have looked into how Rowhammer attacks impact this new cloud setup.
They found that when the attack code is launched from within a user-configured FPGA, Rowhammer attacks are more efficient at causing bit flips and do it at a faster speed than if the attack was launched using malicious code executed inside the CPU -- as is how all other Rowhammer attacks work.
This is because FPGA cards connect directly to a processor's bus, giving the FPGA direct and untethered access to the CPU cache and RAM memory. Further, FPGA's don't have to deal with firmware and OS software, allowing it to run code faster than a normal CPU.
Twice as fast, four times more bit flips
"In a Rowhammer attack, a significant factor in the speed and efficacy of an attack is the rate at which memory can be repeatedly accessed," the research team explains.
"On many systems, the CPU is sufficiently fast to cause some bit flips, but the FPGA can repeatedly access its host machine's memory system substantially faster than the host machine's CPU can."
An FPGA-originated rowhammer can hammer faster and flip more bits compared to the CPU rowhammer on the same platform.
— Daniel Moghimi (@danielmgmi) January 2, 2020
In a proof-of-concept experiment detailed in their paper, the research team launched a classic CPU-based Rowhammer attack and a new FPGA-based JackHammer attack against the WolfCrypt RSA implementation, part of theWolfSSL Library, recovering private keys used to secure SSL connections.
"Our results indicate that a malicious FPGA can perform twice as fast as a typical Rowhammer attack from the CPU on the same system and causes around four times as many bit flips as the CPU attack," the research team said.
Furthermore, the academic team also found that a JackHammer attack is much more difficult to detect because of the FPGA's direct access to system resources leaves no traces on the CPU of the FPGA's memory access operations. Since most anti-Rowhammer detection systems are configured at the CPU level, this opens a new blindspot in CPU and cloud security.
For their tests, academics used an Intel Arria 10 GX FPGA; however, this doesn't mean Arria FPGAs are vulnerable.
By design, FPGAs are meant to "accelerate" systems. The actual problem behind JackHammer is the inherent trust put in user-configurable FPGAs used in cloud environments, and the lack of security controls and protections designed for FPGA-run code.
"From a security perspective, a user-configurable FPGA on a cloud system needs to be treated with at least as much care and caution as a user-controlled CPU thread, as it can exploit many of the same vulnerabilities," researchers said.
Through their work, the research team would like to see cloud vendors react and add appropriate protections against malicious code executed within FPGAs instead of CPUs.
The research team listed several mitigations that cloud vendors could deploy to secure cloud computing platforms against JackHammer. They include the use of hardware monitoring, partitioning CPU cache, CPU cache pinning, increased refresh rates for DRAM memory, and more.
For more details on this new FPGA attack vector, please see the research team's white paper, titled "JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms."
WolfSSL 4.3.0, released on December 20, contains a fix (CVE-2019-19962) to prevent and mitigate JackHammer attacks.