Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Researchers have devised a new attack that allows unprivileged code running on computers to steal secrets, such as cryptographic keys, that are stored in what should be protected memory regions. The attack is possible because of a known design issue with modern DRAM chips that has been exploited in the past to modify protected data.

Dubbed RAMBleed, the new attack is the work of researchers Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss from the Graz University of Technology and Yuval Yarom from University of Adelaide and Data61. Using the new technique, the researchers were able to extract an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.

To read this article in full, please click here

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips