New hacking tool sees the light
A Princeton graduate student sheds light on security flaws in Java and .Net virtual machines by using a lamp, some known properties of computer memory and a little luck.
An attack requires physical access to the computer, so the technique poses little threat to virtual machines running on PCs and servers. But it could be used to steal data from smart cards, asserts Sudhakar Govindavajhala, a computer-science graduate student at Princeton who demonstrated the procedure here Tuesday.
"There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card's data," he said. Govindavajhala presented the paper at the Institute of Electrical and Electronic Engineers (IEEE) Symposium on Security and Privacy.
The technique relies on the ability of energy to "flip bits" in memory. While cosmic rays very occasionally can cause a random bit in memory to change value, from 0 to 1 or from 1 to 0, Govindavajhala decided not to wait. He used a lamp to heat up the chips inside a computer and cause one or more bits of memory to change.
By doing so, the researcher broke the security model virtual machines rely on: that the computer faithfully executes its instruction set.
"You have broken out of the sandbox," Govindavajhala said.
Virtual machines are software programs that emulate a virtual computer entirely within the host computer's memory. The programs are used to allow software to run on multiple platforms. For example, Java applets can execute on a virtual machine running on the Windows, Linux or Mac operating system. Another feature of such virtual machines is that they keep applets contained to a software "sandbox"--preventing them from affecting the data on the computer.
Govindavajhala attacked the system by adding his own code into memory and then filling the remaining free memory with the address of the new code. He found that, if he could fill 60 percent of memory with the addresses, a random bit flip would instead cause his attack code to run more than 70 percent of the time. In the remaining instances, a key program on the computer would crash.
Fred Cohen, a principal analyst with technology consultancy The Burton Group, said people who created virtual machines didn't take into account this possible attack method.
"Here is a case where people thought they had thought of everything, but they hadn't," he said.
Cohen added that even if distrusted applications are contained to a sandbox, they can still be dangerous. "If you let people run programs in your computer," he said, "then there is a chance they can do what they want."
Govindavajhala's technique could be useful in stealing data from smart cards, which look like credit cards but have memory and a simple processor implanted in the card. Since getting a hold of someone's smart card is much easier than cracking the case on a PC, the attack would be feasible.
"Certainly there are some smart cards that this could work on," Cohen said. "There are all sorts of handheld devices where such an attack has potential to do harm as well."
In addition to such devices, the attack could have some implications for so-called trusted computing systems, such as Microsoft's next-generation secure computing base, formerly known as Palladium. Govindavajhala hadn't studied the effects of his error-inducing techniques on such a system, however.
Yet, the student researcher did point out that as processors and memory get faster, the energy needed to induce bit flips becomes smaller, suggesting that his technique will only become more effective.