Chip-level bug leaves PCs open to exploitation

By on
Chip-level bug leaves PCs open to exploitation

ASLR can be bypassed via the browser.

Dutch security researchers have found a way to bypass hardware-level security measures that stop attackers from manipulating and leaking data in computer memory, making for a browser-based vulnerability that is hard to protect against.

The low-level attack devised by the researchers at the Free University of Amsterdam (VU) focuses on the memory management unit (MMU) in modern processors.

This handles all the virtual memory management and cache control, and is an integral part of all modern hardware to speed up processor performance.

If an attacker can work out where data is arranged in a computer's memory, it is relatively easy to successfully exploit the system. Address space layout randomisation (ASLR) is a hardware feature that locates application code and data in arbitrary memory addresses, making it harder for attackers to work out where it is.

By exploiting how the MMU uses the caches or short-term fast storage areas in processors, and how they are ordered, the researchers were able to time page table walks during memory access and eventually bypass ASLR protection.

The researchers' ASLR+Cache (AnC) attack enabled them to work out which cache lines are associated with certain memory pages, and from there, to find code and heap pointers.

As a testimony to how powerful the Javascript can be in the right hands, the researchers implemented their AnC attack in the popular coding language without user interaction.

Although browser vendors have mitigated against cache-level attacks by reducing the precision of the Javascript timer, the researchers worked around that protective measure with their own timers.

The attack works on processors from Intel, AMD, Allwinner, Samsung, and Nvidia, the researchers said.

"There was no [processor] architecture that we tried without observing the MMU signal," they noted.

Attacks against Google's Chrome and Mozilla Foundation's Firefox could be performed in just over ten seconds.

The VU researchers said there's no way to protect against the attack, as the vulnerability is part and parcel of modern computer processors. Processor, browser, and operating system vendors were notified by the VU researchers last October.

Using browser plugins such as NoScript that limit what Javascript code can run on users' systems can stop the flaw from being exploited by attackers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
alsr hardware mmu security vusec
In Partnership With

Most Read Articles

Wipro hacked, internal systems used to attack customers: report

Wipro hacked, internal systems used to attack customers: report
Telstra, TPG, Vocus and Optus say they aren't an NBN bottleneck

Telstra, TPG, Vocus and Optus say they aren't an NBN bottleneck
Optus sets $85 a month as its new entry-level NBN price

Optus sets $85 a month as its new entry-level NBN price
ANZ reveals the good and bad of its Agile transformation

ANZ reveals the good and bad of its Agile transformation
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Stop Parasites on your Network with Sophos
Stop Parasites on your Network with Sophos
Stop your Oracle database slowing down your business
Stop your Oracle database slowing down your business
How Macquarie University has prepared for fire and flood
How Macquarie University has prepared for fire and flood
Guide to Fully-Composable Software-Defined Private Cloud
Guide to Fully-Composable Software-Defined Private Cloud
Is slow data silently killing your business? Here's why you should care.
Is slow data silently killing your business? Here's why you should care.

Events

Log In

Username / Email:
Password:
  |  Forgot your password?