Information Security News mailing list archives

New hacking tool sees the light


From: InfoSec News <isn () c4i org>
Date: Wed, 14 May 2003 00:14:51 -0500 (CDT)

http://news.com.com/2100-1009_3-1001406.html

By Robert Lemos 
Staff Writer, CNET News.com
May 13, 2003

BERKELEY, Calif.--A Princeton University student has shed light on
security flaws in Java and .Net virtual machines using a lamp, some
known properties of computer memory and a little luck.

An attack requires physical access to the computer, so the technique
poses little threat to virtual machines running on PCs and servers.  
But it could be used to steal data from smart cards, said Sudhakar
Govindavajhala, a computer-science graduate student at Princeton who
demonstrated the procedure Tuesday.

"There are smart cards that use Java that you could shine a light on,
flip a bit and get access to the card's data," he said. Govindavajhala
presented the paper at the Institute of Electrical and Electronic
Engineers (IEEE) Symposium on Security and Privacy here.

The technique relies on the ability of energy to "flip bits" in
memory. While cosmic rays can very occasionally cause a random bit in
memory to change value, from 0 to 1 or from 1 to 0, Govindavajhala
decided not to wait. He used a lamp to heat up the chips inside a
computer and cause one or more bits of memory to change.

By doing so, the researcher broke the security model that virtual
machines rely on--that the computer faithfully executes its
instruction set.

"You have broken out of the sandbox," Govindavajhala said.

Virtual machines are software programs that emulate a virtual computer
entirely in the host computer's memory. The programs are used to allow
software to run on multiple platforms. For example, Java applets can
execute on a virtual machine running on Windows, Linux or the MacOS.  
Another feature of such virtual machines is that they keep applets
contained to a software "sandbox"--preventing them from affecting the
data on the computer.

Govindavajhala attacked the system by adding his own code into memory
and then filling the remaining free memory with the address of the new
code. He found that, if he could fill 60 percent of memory with the
addresses, a random bit flip would cause his attack code to run
instead more than 70 percent of the time. In the remaining instances,
a key program on the computer would crash instead.
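The paragraph above gives two numbers worth reasoning about: the share of memory seeded with pointers to planted code, and the share of random single-bit flips that end up redirecting execution. The following is an added example, not code from the article or from Govindavajhala's paper. It models the first number directly (in a toy memory where a set fraction of 8-bit words hold a constructed placeholder value, the chance that a random flip lands in one of those words is simply the fill fraction) and sets it beside the standard hardware mitigation that the article does not discuss: SECDED error-correcting memory, implemented here as a Hamming(12,8) code with an overall parity bit. The word width, the placeholder pointer value and the memory size are assumptions for the model; the real attack relies on the type system of the virtual machine and is not reproduced here.

```python
import random

DATA_BITS = 8                 # one toy memory word is 8 bits wide (assumption for the model)
PARITY_POS = (1, 2, 4, 8)     # Hamming parity positions (1-indexed) for 8 data bits
CODE_LEN = 12                 # Hamming positions 1..12; index 0 holds the overall parity bit
POINTER_WORD = 0xA5           # constructed stand-in for "address of the planted code"


def secded_encode(word: int) -> list[int]:
    """Encode an 8-bit word as a 13-bit SECDED codeword (single-error-correct, double-error-detect)."""
    bits = [0] * (CODE_LEN + 1)
    data = [(word >> i) & 1 for i in range(DATA_BITS)]
    data_pos = [p for p in range(1, CODE_LEN + 1) if p not in PARITY_POS]
    for d, pos in zip(data, data_pos):
        bits[pos] = d
    for p in PARITY_POS:
        # each Hamming parity bit covers every position whose index has bit p set
        bits[p] = sum(bits[pos] for pos in range(1, CODE_LEN + 1) if pos != p and pos & p) % 2
    bits[0] = sum(bits[1:]) % 2   # overall parity bit makes the whole codeword even
    return bits


def secded_decode(bits: list[int]) -> tuple[str, int]:
    """Return (status, data); status is 'clean', 'corrected' or 'uncorrectable'."""
    syndrome = 0
    for pos in range(1, CODE_LEN + 1):
        if bits[pos]:
            syndrome ^= pos
    parity_even = sum(bits) % 2 == 0
    fixed = list(bits)
    if syndrome == 0 and parity_even:
        status = "clean"
    elif not parity_even:
        # odd error count: treat as a single flip at the syndrome position (0 = overall parity bit)
        fixed[syndrome] ^= 1
        status = "corrected"
    else:
        # non-zero syndrome with even parity: two flips, detected but not correctable
        status = "uncorrectable"
    data_pos = [p for p in range(1, CODE_LEN + 1) if p not in PARITY_POS]
    data = 0
    for i, pos in enumerate(data_pos):
        data |= fixed[pos] << i
    return status, data


def flip_bit(bits: list[int], index: int) -> list[int]:
    """Return a copy of the codeword with one bit inverted (the induced memory error)."""
    out = list(bits)
    out[index] ^= 1
    return out


def simulate(fill_fraction: float, words: int = 1000, trials: int = 2000, seed: int = 7) -> dict:
    """Flip one random bit per trial in a toy memory where `fill_fraction` of words hold POINTER_WORD.

    Returns the fraction of flips that landed in a pointer word (and would silently
    misdirect it in unprotected memory) and the fraction SECDED memory corrects.
    """
    rng = random.Random(seed)
    n_pointer = int(fill_fraction * words)
    # constructed memory image: pointer words first, random filler for the rest
    memory = [POINTER_WORD] * n_pointer + [rng.randrange(256) for _ in range(words - n_pointer)]
    pointer_hits = corrected = 0
    for _ in range(trials):
        idx = rng.randrange(words)
        if idx < n_pointer:
            pointer_hits += 1      # unprotected memory: the flipped pointer now silently misdirects
        # the same word in SECDED-protected memory: one flipped codeword bit is corrected on read
        code = secded_encode(memory[idx])
        status, data = secded_decode(flip_bit(code, rng.randrange(CODE_LEN + 1)))
        if status == "corrected" and data == memory[idx]:
            corrected += 1
    return {"pointer_hit_rate": pointer_hits / trials,
            "secded_corrected_rate": corrected / trials}


if __name__ == "__main__":
    for fill in (0.2, 0.6, 0.9):
        print(fill, simulate(fill))
```

With 60 percent of the toy memory seeded, about 60 percent of random flips land in a pointer word, which is the intuition behind the figure in the article; every one of those single flips is corrected by the SECDED code, and a double flip in one word is reported as uncorrectable rather than silently accepted. ECC memory is the usual answer to this class of fault on servers, but it is not present on most smart cards and low-cost devices, which is exactly where the article places the risk.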

Fred Cohen, a principal analyst with technology consultancy The Burton
Group, said that people who created virtual machines didn't allow for
this possible attack.

"Here is a case where people thought they had thought of everything,
but they hadn't," he said, adding that even with sandboxing untrusted
applications, they can still be dangerous. "If you let people run
programs in your computer, then there is a chance they can do what
they want."

The technique could be useful in stealing data from smart cards, which
look like credit cards but have memory and a simple processor
implanted in the card. Since getting a hold of someone's smart card is
much easier than cracking the case on their PC, the attack would be
feasible.

"Certainly there are some smart cards that this could work on," Cohen
said. "There are all sorts of handheld devices where such an attack
has potential to do harm as well."

In addition to such devices, the attack could have some implications
for trusted computing systems, such as Microsoft's next-generation
secure computing base, formerly known as Palladium. Govindavajhala
hadn't studied the effects of his error-inducing techniques on such a
system, however.

Yet, the student researcher did point out that as processors and
memory get faster, the energy needed to induce bit flips becomes
smaller, suggesting that his technique will only become more
effective.
