Nethammer: Inducing Rowhammer Faults through Network Requests

TL;DR

Nethammer demonstrates a novel remote Rowhammer attack that exploits network request handling to induce memory bit flips without local code execution, threatening various systems including PCs, servers, and mobile devices.

Contribution

This work introduces Nethammer, the first remote Rowhammer attack method that does not require attacker-controlled code on the target system.

Findings

Remote attack feasible via network request handling

Cache misses frequency sufficient to induce bit flips

Effective across PCs, servers, and mobile phones

Abstract

A fundamental assumption in software security is that memory contents do not change unless there is a legitimate deliberate modification. Classical fault attacks show that this assumption does not hold if the attacker has physical access. Rowhammer attacks showed that local code execution is already sufficient to break this assumption. Rowhammer exploits parasitic effects in DRAM to modify the content of a memory cell without accessing it. Instead, other memory locations are accessed at a high frequency. All Rowhammer attacks so far were local attacks, running either in a scripted language or native code. In this paper, we present Nethammer. Nethammer is the first truly remote Rowhammer attack, without a single attacker-controlled line of code on the targeted system. Systems that use uncached memory or flush instructions while handling network requests, e.g., for interaction with the network device, can be attacked using Nethammer. Other systems can still be attacked if they are protected with quality-of-service techniques like Intel CAT. We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. We evaluated different bit flip scenarios. Depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We investigated Nethammer on personal computers, servers, and mobile phones. Nethammer is a security landslide, making the formerly local attack a remote attack.