Published on 2016/9/4 9:00:52

Hackers take aim at hardware, with techniques that go beyond "The Matrix"

Wired magazine's website recently published an article introducing some new types of hacker attacks. What sets them apart is that they target the computer's physical hardware directly, so software updates can do nothing about them.

The original article follows:

Every word we use to describe computers is a metaphor: "file", "window", even "memory". They are all just binary digits, representing a maze of wires and transistors through which electrons move. But when hackers cross a computer system's layers of abstraction and attack its physical substance directly, the metaphor breaks down.

Over the past year and a half, security researchers have been doing exactly that: developing hacking techniques that break through the metaphor and reach the physical machine. These techniques exploit not the unexpected behavior of an operating system or application but the unexpected behavior of the computing hardware itself; in some projects, the target is electricity, including the bits of data in a computer's memory. At the Usenix Security conference held earlier this month, two research teams demonstrated such attacks. The new attacks they developed are not far from being real-world threats.

Breaking assumptions

Both new attacks use a technique called "Rowhammer", which Google researchers first demonstrated in March this year. It works by running a program on the target computer that repeatedly overwrites a row of transistors in DRAM memory, "hammering" them (the "hammer" in Rowhammer) until a rare condition occurs: charge leaks from that row of transistors into the adjacent row. The leaked charge causes bits in the adjacent row to flip, 1 becoming 0 and 0 becoming 1. Such flips can give a hacker special privileges to access the computer's operating system.

This attack technique is very strange, but it does work.

Until now, hardware and software vendors' defenses have been based entirely on digital models; Rowhammer and similar attacks require them to change their thinking. "Computers, like all technologies, are built in layers, and the layers make assumptions about one another. To use an analogy, a car assumes that its wheels can roll, can absorb shocks, and won't melt when they get wet," said security researcher Dan Kaminsky. "An interesting fact about networked technology is that these assumptions can be attacked." In 2008, Kaminsky discovered a fundamental flaw in the Internet's Domain Name System.

Last year, Thomas Dullien (one of the technique's inventors, known in the hacker community as Halvar Flake) and his colleagues at Google found that they could use charge leakage to flip key bits in the DRAM memory of some laptops, the first proof that charge leakage could be controlled and exploited. A few months later, researchers in Austria and France said that hackers could carry out the attack through JavaScript code running in a browser.

These Rowhammer variants, along with the two attacks presented at the Usenix conference, show that the hacker community is focusing more and more on breaking the basic assumptions of computing. "Rowhammer has only scratched the surface," Dullien said. "This could become a very large field of research."

Realistic, concrete Rowhammer attacks

The new attacks take Rowhammer in a new direction: attacking cloud computing services and enterprise workstations rather than consumers' personal computers. A research group in Ohio, United States, used the technique to break Xen (software that divides the computing resources of a cloud server into isolated "virtual machines" that are rented out to customers). The attack broke out of these virtual machines and took control of the lower levels of the cloud server.

The second paper comes from researchers in the Netherlands and Belgium, whose experiments achieved a similar result. It is a new, more reliable way of using Rowhammer that exploits a feature called memory de-duplication, which merges the identical parts of different virtual machines' memory into a single location in the physical computer's memory. In their tests, the researchers used a Dell workstation: they wrote data into a virtual machine's memory, then used that data to locate and "hammer" the physical transistors. Those transistors hold not only their own data but also the identical data of other virtual machines running on the same computer.

The researchers call this method "Flip Feng Shui". It can be used for highly targeted attacks, such as corrupting an encryption key, after which the attackers can crack the target's secrets. "It's not like a flamethrower, it's more like a sniper rifle," said Ben Gras, a member of the research team at the Free University (University of Vrije).

More covert attacks

Rowhammer is far from the only new hacking technique that targets a computer's physical properties. For example, Israeli researchers this summer demonstrated proof-of-concept malware that uses the sound of a computer's cooling fan or hard-drive motor to transmit stolen data as audio. Another Israeli team found last year that with a $300 (about 2,000 yuan) handheld device they could extract keys from a computer by monitoring the radio emissions given off as its processor consumes power.

But the most disturbing hack in the Rowhammer vein operates at the microscopic level. Researchers at the University of Michigan in the United States built a secret backdoor into a single transistor cell (a group of transistors less than one-thousandth the width of a human hair); a modern microchip contains billions of such cells. A hacker who knows the backdoor exists can run a program that causes the cell to pick up charge from nearby transistors and induces a specific bit to flip, just as in a Rowhammer attack. The result is an extremely stealthy form of physical-layer sabotage that digital security tools basically cannot detect. "This goes beyond the 'matrix' in The Matrix," Matthew Hicks, one of the University of Michigan researchers, said of the technique.

For this type of hardware attack, software updates do little. For Rowhammer's exploitation of charge leakage in memory, researchers have come up with a countermeasure: adding a feature called "error-correcting code" to DRAM, which continuously corrects abnormal charge levels in any given transistor. Implementing this feature more widely in computer memory can stop the current Rowhammer attacks.

But Dullien warned that DRAM is only one of the potential targets. "A lot of things, chips, hard drives and so on, are designed to be OK under normal conditions, and may not have taken hostile input into account," he said. "We don't know which piece of hardware will be broken next. But that is why everyone is so interested in researching this." Computer scientists may soon discover that machines are vulnerable not only in the ways they already know about but in other ways too, where their digital models are of no use at all.
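The error-correcting-code countermeasure described above, as an added example that is not part of the original article: a single-error-correcting, double-error-detecting (SECDED) extended Hamming code over a 64-bit word, the classic scheme for ECC memory. One flipped bit per word is repaired; two flipped bits are detected but cannot be repaired. The function names and the sample word are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CW_BITS 72 /* 64 data + 7 Hamming parity + 1 overall parity bit */
enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

static int is_pow2(int x) { return (x & (x - 1)) == 0; }

/* Encode a 64-bit word, one bit per array element. Position 0 is overall
 * parity; positions 1, 2, 4, ..., 64 are the Hamming parity bits. */
void ecc_encode(uint64_t data, uint8_t cw[CW_BITS]) {
    int pos, d = 0, syn = 0, all = 0;
    memset(cw, 0, CW_BITS);
    for (pos = 1; pos < CW_BITS; pos++)   /* data goes in non-power-of-2 slots */
        if (!is_pow2(pos) && ((data >> d++) & 1)) { cw[pos] = 1; syn ^= pos; }
    for (pos = 1; pos < CW_BITS; pos <<= 1)
        cw[pos] = (syn & pos) != 0;       /* parity bits cancel the syndrome */
    for (pos = 1; pos < CW_BITS; pos++) all ^= cw[pos];
    cw[0] = (uint8_t)all;                 /* total number of 1s becomes even */
}

/* Check a stored codeword, repair one flipped bit in place, recover the data.
 * The syndrome (XOR of the positions of all set bits) names the flipped bit. */
enum ecc_status ecc_decode(uint8_t cw[CW_BITS], uint64_t *data) {
    int pos, d = 0, syn = 0, all = 0;
    enum ecc_status st = ECC_OK;
    for (pos = 0; pos < CW_BITS; pos++)
        if (cw[pos]) { all ^= 1; syn ^= pos; }
    if (all) {                            /* odd parity: assume a single flip */
        if (syn >= CW_BITS) return ECC_UNCORRECTABLE;
        cw[syn] ^= 1;                     /* syn == 0 is the overall parity bit */
        st = ECC_CORRECTED;
    } else if (syn) {
        return ECC_UNCORRECTABLE;         /* even parity, bad syndrome: 2 flips */
    }
    *data = 0;
    for (pos = 1; pos < CW_BITS; pos++)
        if (!is_pow2(pos)) *data |= (uint64_t)cw[pos] << d++;
    return st;
}

int main(void) {
    uint8_t cw[CW_BITS];
    uint64_t out = 0;
    enum ecc_status st;
    ecc_encode(0x0123456789ABCDEFULL, cw); /* constructed sample word */
    cw[37] ^= 1;                           /* simulate one disturbed cell */
    st = ecc_decode(cw, &out);
    printf("status=%d data=%016llx\n", (int)st, (unsigned long long)out);
    return 0;
}
```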






