• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

RAMBleed - New Side-Channel Attack

biffzinker

biffzinker

Joined
Mar 23, 2016
Messages
4,839 (1.64/day)
System Specs
Processor Ryzen 9 5900X
Motherboard MSI B450 Tomahawk ATX
Cooling Cooler Master Hyper 212 Black Edition
Memory VENGEANCE LPX 2 x 16GB DDR4-3600 C18 OCed 3800
Video Card(s) XFX Speedster SWFT309 AMD Radeon RX 6700 XT CORE Gaming
Storage 970 EVO NVMe M.2 500 GB, 870 QVO 1 TB
Display(s) Samsung 28” 4K monitor
Case Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse SteelSeries Rival 310
Keyboard Logitech G G413 Silver
Software Windows 10 Professional 64-bit v22H2
RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well.

RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes. We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows. Thus, RAMBleed shifts Rowhammer from being a threat not only to integrity, but confidentiality as well. Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.
Click to expand...

How can I mitigate this issue?
Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled.


Source: https://rambleed.com/
 
R-T-B

R-T-B

Supporter
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
System Specs
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64
So basically a nonissue to anything but extremely high value targets, ala rowhammer
 
metalfiber

metalfiber

Joined
Sep 26, 2017
Messages
553 (0.23/day)
Location
Here
System Specs
Processor Intel i9 11900K
Motherboard Z590 MSI ACE
Cooling Corsair H80i v2
Memory Ballistix Elite 4000 32GB 18-19-19-39
Video Card(s) EVGA 3090 XC3 ULTRA HYBRID
Storage 2x Seagate Barracuda 120 SSD 1 TB, XPG SX8200 PRO 1 TB
Display(s) Acer Predator Z321QU
Case Fractal Design Meshify C
Power Supply Asus ROG Strix 1000W
The white hat hackers is way more of a threat than the black hat hackers ever thought about being. The black hats have gotten more ideas on how to from the white hats.
 
R-T-B

R-T-B

Supporter
Joined
Aug 20, 2007
Messages
20,787 (3.41/day)
System Specs
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64
metalfiber said:
The white hat hackers is way more of a threat than the black hat hackers ever thought about being. The black hats have gotten more ideas on how to from the white hats.
Click to expand...

Trust me, the black hats likely knew about some of these and just told no one. Wrong philosophy.
 
metalfiber

metalfiber

Joined
Sep 26, 2017
Messages
553 (0.23/day)
Location
Here
System Specs
Processor Intel i9 11900K
Motherboard Z590 MSI ACE
Cooling Corsair H80i v2
Memory Ballistix Elite 4000 32GB 18-19-19-39
Video Card(s) EVGA 3090 XC3 ULTRA HYBRID
Storage 2x Seagate Barracuda 120 SSD 1 TB, XPG SX8200 PRO 1 TB
Display(s) Acer Predator Z321QU
Case Fractal Design Meshify C
Power Supply Asus ROG Strix 1000W
R-T-B said:
Trust me, the black hats likely knew about some of these and just told no one. Wrong philosophy.
Click to expand...
Yeah i know...i was just spitball'n. I mean we're putting everything into building our computers and we are slowly getting it cut down to where nothing but a nub is left.
 
Last edited:
You must log in or register to reply here.
Top