Ofungiyar masu bincike daga Jami'ar Kyauta ta Amsterdam, Makarantar Fasaha ta Switzerland ta Zurich da Qualcomm gudanar da bincike kan tasirin kariya daga Hare-haren RamaHammer an yi amfani dashi a cikin kwakwalwan ƙwaƙwalwar DDR4, wanda ke ba da damar sauya abubuwan individualan mutum na ƙwaƙwalwar damar samun damar bazata (DRAM).
Sakamakon ya kasance abin takaici kamar yadda DDR4 ke kasancewa mai rauni (CVE-2020-10.255) zuwa RowHammer, kamar yadda wannan kwaro yana bada damar gurbata dan abun ciki mutum ƙwaƙwalwar karanta bayanai ta kowane lokaci daga ƙwayoyin ƙwaƙwalwar maƙwabta.
Tunda DRAM yana da tsaka-tsakin kwayoyin halitta, kowanne daga cikinsu yana kunshe da capacitor da transistor, cigaba da karatu daga wannan yankin ƙwaƙwalwar yana haifar da jujjuyawar lantarki da ɓacin rai, yana haifar da ƙaramin matsin lamba daga ƙwayoyin dake makwabtaka.
Idan ƙarfin karatun ya isa sosai, to tantanin halitta na iya rasa adadi mai yawa da yawa kuma sake zagayowar sabuntawar na gaba ba zai sami lokacin da zai dawo da asalin sa ba, wanda zai haifar da canjin darajar bayanan da aka ajiye a cikin kwayar .
Don toshe wannan tasirin, kwakwalwan DDR4 na zamani suna amfani da fasahar TRR. (Target Row Refresh), wanda aka tsara don hana ɓarkewar kwayar halitta yayin harin RowHammer.
Matsalar ita ce babu wata hanyar hada kai don aiwatar da TRR kuma kowane CPU da ƙwaƙwalwar ƙwaƙwalwar ajiya suna fassara TRR a cikin hanyar su, ta amfani da zaɓin kariyar kansu kuma ba tare da bayyana cikakkun bayanan aiwatarwa ba.
Yin nazarin hanyoyin da masana'antun suka yi amfani da su don toshe RowHammer ya sanya sauƙi a samo hanyoyi game da kariya.
A lokacin tabbatarwa, ya zama cewa ƙa'idar "tsaro ta rashin ruɗi" waɗanda masana'antun ke amfani da su yayin aiwatar da TRR kawai ke taimakawa karewa a cikin lamura na musamman, wanda ke rufe hare-hare na yau da kullun waɗanda ke sarrafa canjin ƙwayoyin salula a layuka ɗaya ko biyu da ke kusa da su.
Amfani da masu binciken suka haɓaka yana bamu damar gwada saukin kwakwalwan zuwa zaɓuɓɓukan kai hare-hare na RowHammer masu yawa, wanda aka yi ƙoƙarin yin tasiri ga ɗaruwar layuka da yawa na ƙwayoyin ƙwaƙwalwar ajiya a lokaci guda.
Irin waɗannan hare-haren na iya kewaye da kariya ta TRR aiwatar da wasu masana'antun kuma haifar da ɓarna ƙwaƙwalwar ajiya ko da a kan sabbin kwamfyutoci masu ƙwaƙwalwar DDR4.
Daga cikin 42 DIMM da aka yi karatu, 13 sun kasance masu rauni ga zaɓuɓɓukan kai hari na RowHammer ba-misali, duk da iƙirarin kariya. SK Hynix, Micron da Samsung sun ƙaddamar da kayayyaki masu matsala, waɗanda samfuransu ke rufe kashi 95% na kasuwar DRAM.
Baya ga DDR4, Hakanan an yi nazarin kwakwalwan LPDDR4 da aka yi amfani da su a cikin na'urorin hannu, cewa sun kuma kasance masu hankali don zaɓin kai hari na RowHammer na ci gaba. Musamman, ƙwaƙwalwar da aka yi amfani da ita a cikin Google Pixel, Google Pixel 3, LG G7, OnePlus 7 da Samsung Galaxy S10 wayoyin salula.
Masu binciken sun sami damar kirkirar wasu dabaru na amfani da su a jikin kwakwalwan DDR4 matsala.
Amfani da RowHammer ya yi amfani da PTE (shigarwar tebur na shafi) da ake buƙata don samun gatan kernel a cikin dakika 2.3 zuwa sa'o'i uku da dakika goma sha biyar, ya dogara da kwakwalwar da ake gwadawa.
Harin lalacewa akan maɓallin jama'a RSA-2048 da aka adana a ƙwaƙwalwar ya ɗauki daga sakan 74.6 zuwa minti 39 da dakika 28. Harin kai tsaye don kaucewa izini ta hanyar gyaran ƙwaƙwalwar aikin sudo ya ɗauki mintina 54 da sakan 16.
Don gwada kwakwalwar ƙwaƙwalwar ajiyar DDR4 amfani da masu amfani, TRRespass mai amfani ya fito. Harin nasara yana buƙatar bayani game da shimfidar adiresoshin zahiri da aka yi amfani da su a cikin mai sarrafa ƙwaƙwalwar dangane da bankuna da layuka na ƙwayoyin ƙwaƙwalwa.
Don ƙayyade layout, an ci gaba da amfani da wasan kwaikwayo, wanda ke buƙatar farawa da tushen gata. Nan gaba kadan, an kuma shirya fitar da wani application dan gwada kwakwalwar wayoyin zamani.
Kamfanonin Intel da AMD sun ba da shawarar don kare amfani da ƙwaƙwalwar ajiya tare da gyaran kuskure (ECC), masu kula da ƙwaƙwalwar ajiya tare da tallafi na MAC da kuma amfani da ƙimar samun ƙarfi.
Source: https://www.vusec.net