TID-110: Hardware Fault Injection – Data Manipulation
Threat Description
If a device uses certain types of vulnerable dynamic random access memory (DRAM), a threat actor with malicious software installed on the device may be able to manipulate the contents of memory by repeatedly accessing physically nearby memory cells.
An example of this is Rowhammer, where a threat actor can deploy code (including code written in JavaScript and loaded from a web site) that performs a very large number of repeated memory accesses. This repeated access causes electric charge to leak within the memory, altering the charge stored in nearby memory locations and therefore the contents of memory itself. By manipulating the contents of memory, the threat actor may be able to escalate privileges on a device or otherwise bypass security controls.
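Because hammering code must reach DRAM many times per refresh interval, it has to defeat the CPU cache, so a sustained last-level-cache miss rate far above normal is a common trigger for closer inspection. The detector below is an added example (not part of this catalogue entry or any product) and assumes per-process cache-miss counts sampled from a hardware performance counter; the threshold and sample data are constructed for illustration.

```python
"""Heuristic detector for Rowhammer-style hammering (added example).

Assumption: last-level-cache (LLC) miss counts per process are sampled at a
fixed interval from a hardware performance counter (for example the
`cache-misses` event of `perf stat`). A sustained LLC-miss rate far above
the platform's normal level is treated as a candidate for investigation,
not as proof of an attack: memory-intensive but legitimate workloads can
also miss the cache heavily, so flagged processes should be checked against
ECC/EDAC error counters and other evidence.
"""
from dataclasses import dataclass

# Constructed threshold (LLC misses per second). Real values are platform
# specific and must be tuned from a baseline of normal workloads.
MISS_RATE_THRESHOLD = 5_000_000


@dataclass
class Sample:
    pid: int
    comm: str
    llc_misses: int     # cache misses counted during the interval
    interval_s: float   # length of the sampling interval in seconds


def miss_rate(sample: Sample) -> float:
    """LLC misses per second for one sample."""
    return sample.llc_misses / sample.interval_s


def flag_hammering(samples, threshold=MISS_RATE_THRESHOLD, min_hits=2):
    """Return the set of pids whose miss rate exceeded `threshold` in at least
    `min_hits` consecutive samples. Requiring consecutive hits filters out
    one-off bursts (a process touching a large buffer once) and keeps only
    sustained access loops. `samples` must be ordered by time."""
    streak = {}
    flagged = set()
    for s in samples:
        if miss_rate(s) > threshold:
            streak[s.pid] = streak.get(s.pid, 0) + 1
            if streak[s.pid] >= min_hits:
                flagged.add(s.pid)
        else:
            streak[s.pid] = 0
    return flagged


# Constructed samples: pid 1001 is a browser tab with one short burst,
# pid 2002 sustains a very high miss rate across three 0.5 s intervals.
SAMPLES = [
    Sample(1001, "browser", 800_000, 0.5),
    Sample(2002, "worker", 6_000_000, 0.5),
    Sample(1001, "browser", 3_000_000, 0.5),   # single burst, not sustained
    Sample(2002, "worker", 7_500_000, 0.5),
    Sample(1001, "browser", 400_000, 0.5),
    Sample(2002, "worker", 6_800_000, 0.5),
]

if __name__ == "__main__":
    print("candidate hammering pids:", sorted(flag_hammering(SAMPLES)))
```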
Threat Maturity and Evidence
Proof of Concept
RowHammer
In 2014 and thereafter, researchers demonstrated the ability to corrupt data in nearby DDR3 and DDR4 DRAM rows by repeatedly accessing the same row. This phenomenon can be turned into working exploits through various means.
CWE
CWE-1256: Improper Restriction of Software Interfaces to Hardware Interfaces
“The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.”