
Using Rowhammer bitflips to root Android phones - ryanlol
http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/
======
nullc
Perhaps we'll finally start being able to get mobile devices with ECC memory,
now that it's useful for preventing the nominal owners of devices from having
actual control or visibility into their operation.

~~~
jerf
If you want to leverage Rowhammer to get ECC everywhere, don't root phones;
figure out how to crack into a media stream you shouldn't have access to, like
a Netflix stream or a Bluray rip. Which may very well incorporate rooting
phones. But that'll get the industry forces screaming for ECC everywhere (and
per other threads, whatever else it takes to make hardware proof against
Rowhammer) far more than merely rooting, and they'll scream for it for _all_
hardware. No point in protecting Blurays if the cheapest hardware is what rips
the most easily.

Proofing hardware against Rowhammer is still necessary even if it does happen
to help DRM. It is not possible to write secure code of any kind in an
environment where Rowhammer can be performed. The casual dismissiveness the
industry seems to have about this problem really surprises me... per the
article we all just read, this at least threatens to become a Heartbleed-class
problem at some point, but will make Heartbleed remediation look like a walk
in the park by comparison. Hardware diversity generally protects us, but there
are places where there isn't as much diversity, such as phones, where this
could become a massive problem.

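Since the two comments above turn on ECC as the answer to bit flips, here is an added example (mine, not from the article or any commenter) of what ECC memory actually does with a Rowhammer-style flip: a SECDED code that corrects one flipped bit per word and flags two. The (13,8) size is chosen for readability; real DIMMs use (72,64) with the same mechanics. The bit layout is the textbook Hamming arrangement, not any particular controller's.

```c
#include <stdint.h>
#include <stdio.h>

/* SECDED(13,8): Hamming(12,8) plus an overall parity bit. Codeword bit
 * positions 1..12 use the classic layout (check bits at 1, 2, 4, 8; data
 * bits at 3, 5, 6, 7, 9, 10, 11, 12); bit 0 carries even parity over the
 * whole word and is what lets the decoder tell one flip from two. */

static int parity13(uint16_t w)
{
    int p = 0;
    while (w) { p ^= w & 1; w >>= 1; }
    return p;
}

/* Parity of the set bits among positions 1..12 covered by check bit p. */
static int check_parity(uint16_t cw, int p)
{
    int par = 0;
    for (int pos = 1; pos <= 12; pos++)
        if ((pos & p) && ((cw >> pos) & 1)) par ^= 1;
    return par;
}

uint16_t ecc_encode(uint8_t data)
{
    uint16_t cw = 0;
    int d = 0;
    for (int pos = 1; pos <= 12; pos++)
        if (pos & (pos - 1))                    /* not a power of two: data slot */
            cw |= (uint16_t)((data >> d++) & 1) << pos;
    for (int p = 1; p <= 8; p <<= 1)
        if (check_parity(cw, p)) cw |= (uint16_t)1 << p;
    cw |= (uint16_t)parity13(cw);               /* bit 0: overall even parity */
    return cw;
}

/* Returns 0 = clean, 1 = single-bit error corrected, 2 = double-bit error
 * detected (data returned as-is). Three or more flips in one word can be
 * silently miscorrected; that is the limit of SECDED, not a bug here. */
int ecc_decode(uint16_t cw, uint8_t *data)
{
    int syndrome = 0, status;
    for (int p = 1; p <= 8; p <<= 1)
        if (check_parity(cw, p)) syndrome |= p;
    if (parity13(cw)) {                         /* odd flip count: assume one */
        cw ^= (uint16_t)1 << syndrome;          /* syndrome 0 => bit 0 flipped */
        status = 1;
    } else {
        status = syndrome ? 2 : 0;              /* even and nonzero: two flips */
    }
    uint8_t out = 0;
    int d = 0;
    for (int pos = 1; pos <= 12; pos++)
        if (pos & (pos - 1)) out |= (uint8_t)(((cw >> pos) & 1) << d++);
    *data = out;
    return status;
}

/* Experiment helper: encode, apply a flip mask (the "hammer"), decode.
 * Returns (status << 8) | decoded byte. */
int ecc_check(uint8_t data, uint16_t flipmask)
{
    uint8_t out;
    int st = ecc_decode(ecc_encode(data) ^ flipmask, &out);
    return (st << 8) | out;
}

int main(void)
{
    printf("clean:      0x%04x\n", ecc_check(0xA5, 0));
    printf("one flip:   0x%04x\n", ecc_check(0xA5, 1u << 5));
    printf("two flips:  0x%04x\n", ecc_check(0xA5, (1u << 5) | (1u << 9)));
    return 0;
}
```

The status-2 path is the one that matters for the "ECC everywhere" argument: a double flip in one word is reported, not repaired, and the machine-check handler has to decide what to do with it, while three flips in the same word can come back as a valid but wrong codeword. ECC raises the cost of an attack; it does not remove the primitive.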
~~~
Natanael_L
Hey, don't Blu-ray players have web access?

Rowhammer via Javascript is already a thing.

See where I'm going with this?

------
niftich
This hardware defect just keeps on giving.

Since we're unlikely to see _larger_ memory cells again, mitigations will
likely be applied. There is a good question on a discussion board [1] from
last year about memory scrambling and its utility here; but with no responses.
Can these questions be answered? Some points about memory scrambling are also
made here [2] by Kim of the 2014 CMU paper.

[1] https://groups.google.com/forum/#!topic/rowhammer-discuss/tpiC2MeowrM

[2] https://github.com/CMU-SAFARI/rowhammer

~~~
b161023ar
Hmm, so the purpose of memory scrambling is to avoid excessive current swings
on the data bus, because they have some kind of undesirable effect on the
voltage regulator. I wonder if the result of such current swings is just
excessive EMI or power consumption, or if the supply can actually go out of
regulation. If you know the scrambling algorithm then you can generate those
current swings intentionally...

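To make that last sentence concrete, an added example (mine, not from the thread or from any vendor's documentation) of a toy address-keyed data scrambler and the known-algorithm attack against it: once the seed and the mixing are known, a writer can pick stored values so the scrambled bus carries all-ones, then all-zeros, toggling every data line every cycle, which is exactly the current swing scrambling exists to avoid. The seed, the LFSR taps and the address mixing are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy address-keyed scrambler: the controller XORs each 64-bit word with a
 * keystream derived from a boot-time seed and the word's address, so that
 * even repetitive data looks random on the bus. Seed, taps and mixing are
 * illustrative and not any real controller's circuit. */
#define SCRAMBLE_SEED 0x5DEECE66D1234567ULL   /* assumed per-boot seed */
#define LFSR_TAPS     0xD800000000000000ULL   /* x^64 + x^63 + x^61 + x^60 + 1 */
#define BURST_MAX     64

uint64_t scrambler_keystream(uint64_t seed, uint64_t addr)
{
    uint64_t s = seed ^ (addr * 0x9E3779B97F4A7C15ULL);
    if (s == 0) s = 1;                        /* an LFSR must not start at zero */
    for (int i = 0; i < 64; i++) {            /* Galois LFSR, 64 steps */
        uint64_t lsb = s & 1;
        s >>= 1;
        if (lsb) s ^= LFSR_TAPS;
    }
    return s;
}

/* XOR scrambling is an involution: applying it twice returns the data. */
uint64_t scramble(uint64_t data, uint64_t addr, uint64_t seed)
{
    return data ^ scrambler_keystream(seed, addr);
}

/* Known-algorithm attack: choose the stored value so that the *bus* sees a
 * pattern of the writer's choosing, which defeats the point of scrambling. */
uint64_t data_for_bus_pattern(uint64_t want_on_bus, uint64_t addr, uint64_t seed)
{
    return want_on_bus ^ scrambler_keystream(seed, addr);
}

static int popcount64(uint64_t x)
{
    int n = 0;
    while (x) { x &= x - 1; n++; }
    return n;
}

/* Number of data lines that switch between consecutive words of a burst. */
int bus_toggles(const uint64_t *bus, size_t n)
{
    int t = 0;
    for (size_t i = 1; i < n; i++) t += popcount64(bus[i] ^ bus[i - 1]);
    return t;
}

/* Burst of n words at consecutive addresses carrying "typical" counting data:
 * after scrambling, roughly half the lines toggle per cycle. */
int typical_burst_toggles(size_t n)
{
    uint64_t bus[BURST_MAX];
    if (n > BURST_MAX) n = BURST_MAX;
    for (size_t i = 0; i < n; i++)
        bus[i] = scramble(i * 0x0101010101010101ULL, 0x1000 + 8 * i, SCRAMBLE_SEED);
    return bus_toggles(bus, n);
}

/* Same burst, but the writer knows the seed and picks data so the bus
 * alternates all-ones / all-zeros: all 64 lines toggle on every word. */
int worst_case_burst_toggles(size_t n)
{
    uint64_t bus[BURST_MAX];
    if (n > BURST_MAX) n = BURST_MAX;
    for (size_t i = 0; i < n; i++) {
        uint64_t addr   = 0x1000 + 8 * i;
        uint64_t want   = (i & 1) ? ~0ULL : 0;
        uint64_t stored = data_for_bus_pattern(want, addr, SCRAMBLE_SEED);
        bus[i] = scramble(stored, addr, SCRAMBLE_SEED);   /* what the bus carries */
    }
    return bus_toggles(bus, n);
}

int main(void)
{
    printf("typical 8-word burst: %d toggles, chosen-data burst: %d toggles\n",
           typical_burst_toggles(8), worst_case_burst_toggles(8));
    return 0;
}
```

Whether a sustained 64-line toggle every cycle pushes a given regulator out of its envelope is the open question in the comment; the example only shows that scrambling stops being a defence against it the moment the keystream is predictable by the party writing the data.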
~~~
userbinator
I suppose you could get some interesting things to happen if you kick the
control loop of the regulator into oscillation and set up some resonance; I
wrote an old comment here, related to video cameras, that describes one such
experience I had:

[https://news.ycombinator.com/item?id=9251479](https://news.ycombinator.com/item?id=9251479)

It also reminds me of the old CD copy-protection schemes that worked by
attempting to (and in a lot of cases, successfully) force the scrambling
algorithm it uses to output difficult-to-write bit strings:

https://www.pricenfees.com/digit-life-archives/magic-figures-detective-story-unreadable-cds

[http://www.cdmediaworld.com/hardware/cdrom/news/0102/sd2_tru...](http://www.cdmediaworld.com/hardware/cdrom/news/0102/sd2_truth.shtml)

------
beambot
Dumb question (maybe OT): why is rooting phones so hard in the first place?
Shouldn't root permissions be part of device ownership (akin to fair use)? Why
do I have to hack my own phone to get unfettered access?

~~~
zigzigzag
You don't, if you care enough to buy a phone where that's possible. Any Nexus
device can be reflashed to a custom Android build for example. Of course you
void your warranty that way.

What you're really asking is why is there no root shell by default on all
phones, and simply posing the question also answers it - it's a phone, there's
zero demand for messing about with terminal emulators on a phone. If you say,
but I'd like to install apps as root, the problem is such apps could break the
phone in arbitrary ways like by infecting it with malware/adware/spyware that
then can't be uninstalled. Modern operating systems are very much designed to
limit what apps can do to avoid the nightmare that desktop OSes turned into,
where people are afraid of installing apps in case something goes wrong. For
better or worse you can install apps on Android/iOS without much fear, which
is one reason people do it so much: you can always remove the app again if
it's trouble.

Android is pretty customisable and has lots of permissions anyway. There are
very few things you can't do if you don't have a carrier-locked phone. So
supporting apps with root access would vastly worsen the malware situation in
order to satisfy a tiny number of geeks who like editing config files: a very
bad tradeoff.

But hey, Android is open source, so if you think I'm wrong go ahead and make
money selling phones with root access.

~~~
chx
Of course we shouldn't forget little niceties like YouTube not being able to
play background music. Only the paid YouTube Red service can do that which is
simply not available in many countries -- but even in those YT won't play in
the background. Unless, of course, you have xposed installed... So, as usual,
controlling what you can do with your own device results in a) perceived gains
for the rightholder b) pain for ordinary users c) nothing at all for the
informed. If this resembles the DRM situation, it is.

~~~
zigzigzag
What's that got to do with root access?

If you can beat YouTube's DRM then you can just make your own player app. No
need for root.

If you can't then what makes you think you could defeat whatever checking for
rooted devices YouTube would add to their app?

Anyway, this sort of discussion is pretty pointless. The market has spoken.
The number of people who care about root access is tiny compared to the number
of people who want a safe device and app experience. Heck the entire iPad/iOS
experience is pretty much "let's take a general purpose computer, make it do
less, and it'll sell much better".

~~~
chx
Um, how do you plan to install xposed if you are not root?

~~~
Dylan16807
You install _your own player app_. You don't need xposed. You don't need root.
You do need to sideload because the app store forbids anything that annoys
youtube.

------
Steeeve
> In a statement, Google officials wrote: "After researchers reported this
> issue to our Vulnerability Rewards Program, we worked closely with them to
> deeply understand it in order to better secure our users. We’ve developed a
> mitigation which we will include in our upcoming November security
> bulletin."

Then why am I reading about this in October?

~~~
bagacrap
Presumably you're asking why you're hearing about it before the fix is out.
Perhaps Google is trying to apply public pressure to the
manufacturers/carriers to actually update their devices since they have a
habit of not pushing critical security updates very quickly.

------
userbinator
On the one hand, you could argue that this is not a good thing because the
hardware is fundamentally buggy. On the other hand, and this may be a bit of a
contrarian view, if it leads to "the insecurity that gives us freedom", maybe
it's not all so bad after all... although in this case, it might be too much
of a free-for-all. But given how locked-down mobile devices are by default,
this almost feels like a breath of fresh air.

https://www.gnu.org/philosophy/right-to-read.en.html

[http://boingboing.net/2012/01/10/lockdown.html](http://boingboing.net/2012/01/10/lockdown.html)

[http://boingboing.net/2012/08/23/civilwar.html](http://boingboing.net/2012/08/23/civilwar.html)

~~~
zigzigzag
nullc makes a similar comment below.

I had thought this was too obvious to bother pointing out, but no, root
exploits are not a good thing. The reason phones use kernel sandboxing is to
allow users to install apps and have confidence the permissions granted mean
something. A root exploit means any app or update you install may turn the
phone into spyware, a portable bug-in-your-pocket.

The number of users who care about _that_ is measured in billions (all phone
users). The number of phone users who care about getting a root shell for
their own use is vanishingly small, especially as people who care about that
buy phones like the Nexus that have unlocked bootloaders anyway.

So no - this sort of exploit is pretty damn bad. The number of people hurt is
multiple orders of magnitude higher than the number of people "helped", where
that "help" is extremely tenuous anyway.

~~~
rando832
> The number of phone users who care about getting a root shell for their own
> use is vanishingly small

Only a very small number of people care about how /any/ individual piece of
technology could be improved, they have other things to think about. That
is not a valid argument. It would be better to have it by some other means
to get root, but it's not as simple as you make it out. Show a user 2
otherwise identical phones, explain that on one phone, they could do things
like tethering, and on the other phone, it's restricted because they can't get
root, they will choose the one where they can get root.

~~~
zigzigzag
Tethering and root access are unconnected: my phone can tether and is
unrooted. Maybe if you get your phone from a US carrier these things are
related, in which case, buy elsewhere?

There really aren't any reasons to try and root an Android phone. If you want
to replace the OS with some custom open source build, just use a phone with an
unlocked bootloader and go wild. But you can already access so many features
and customise so many things without root it hardly seems worth it.

~~~
izacus
But that's his point exactly - one of the phones allows him to get over
customer hostile limitations of some corporation and makes his device more
useful in his life. The other is controlled by a whim of someone who sees you
just as a walking wallet.

~~~
zigzigzag
If the carrier is giving you the device on better terms than an outright
purchase then it's not "customer hostile" is it? You can always buy one
instead.

Your attitude seems to be "I should be able to get a cheap phone from a
carrier by agreeing not to tether, and then I should be able to violate that
agreement anyway, and this is a totally moral position". Phones are a
commodity. You can get them anywhere. Want to tether? Buy a phone and a plan
that allows it. Problem solved.

~~~
izacus
No, my attitude is "I should be able to do with my 5GB dataplan whatever I
wish because that's what I pay for and the carrier has no business dictating
what my hardware can or cannot do.". And since I live in EU that is an actual
reality - my carrier provides the voice and data service and my phone does
what I tell it to and I can choose whichever phone I want. Free market as it
should be.

Which is why it baffles me beyond all limits just why so many smart Americans
go out of their way to defend corporate practices that hurt them as customers.

~~~
nucotano
Read your contract. You don't pay for a "5GB data plan". You pay for a "5GB
data plan to be used on your mobile only". Violating your contract is not
"free market".

~~~
userbinator
What does "to be used on your mobile only" even mean? Does it mean you can't
transfer any data downloaded on the phone to anywhere else? That's ridiculous.
Or perhaps it means the connection must be via your phone, which is definitely
the case if you are tethering. A data plan is an Internet connection. However
you look at it, it's a gross violation of net neutrality principles to say
what you can or cannot do with the data transferred through it.

~~~
nucotano
It means what you know it means.

------
dancek
So, the proof of concept code is at
[https://github.com/vusec/drammer](https://github.com/vusec/drammer) . Can we
get a reliable rooting tool based on this?

------
tmzt
Interesting. This is not something that has a simple fix and can be patched.
The arms race continues.

Or we could end it and give users (limited) root access to their stock phones.
Let us run OCI containers with restricted root user accounts. Bind mount
certain filesystems given the correct Android permissions, such as the SD card
or internal storage, or the user's emulated root. Or supported nested ARM
virtualization.

Modern Linux supports a uid 0 with less than complete access in a cgroup,
using the LSM to regulate specific capabilities, or creating the cgroup with
limited caps to begin with.

Make access to areas the carrier considers sensitive conditional on a
capability, or limit access to the full video decode hardware or shared memory
from this root jail.

I have been able to compile but not run the runc binary from OCI/docker/rkt.
Nested cgroupfs would solve a lot of these restrictions.

------
smegel
> It's not uncommon for different generations of the same phone model to use
> different memory chips.

Actually the same generation of the same phone can use different memory chips
and be produced by different manufacturers. It's very common for Apple and
Samsung where they can't source enough parts from a single manufacturer.

~~~
Natanael_L
Not just because of not getting enough chips. Sometimes it is plain hedging
against potential flaws, or supply chain failures.

~~~
TorKlingberg
Or just to have a strong position if one manufacturer tries to raise the
price.

------
Aissen
Very interesting application of the rowhammer. Funny that it comes at the same
time [http://dirtycow.ninja](http://dirtycow.ninja) allows us to write very
reliable and portable exploits (which should be applicable to Android).

------
rcthompson
Is there any way to statically analyze an app for code that might be
attempting to execute a rowhammer attack? I'd imagine that rowhammer requires
a tight loop doing nothing but writing to the same value in memory repeatedly,
or something similarly recognizable. Such a tool could be used to at least
keep any malicious apps out of the play store. It would probably be fine if it
sometimes gave false positives on innocuous code that a human (at Google)
could override after inspecting the suspect code.

~~~
gizmo686
Doubtful. A malicious app could always programmatically write the attacking
binary after it has been installed. At that point, you no longer have serious
performance requirements, so you can make the functionality as obfuscated as
necessary. Not to mention the possibility of self modifying code, or
downloading the payload from the internet.

~~~
rcthompson
How much of this is possible within an Android app? Are Android apps allowed
to download a file and then make it executable?

~~~
BoorishBears
With root? Yes, you don't even need special permissions past an Internet
permission.

SuperSU is a popular app used to limit which apps can get root permission via
the su binary. But depending on the way the device is rooted you can actually
use root permission to remove SuperSU while leaving the binary that grants
root intact.

This allows you to create a "backdoor" in which your "legitimate app" asks for
root, then downloads an update and deletes SuperSU, allowing the payload (and
any other apps) to get root access silently.

~~~
rcthompson
If you already have root, then you don't need to execute a rowhammer attack to
gain root. I'm asking if an Android app with no root access on an un-rooted
phone has a way to execute code that wasn't included with the apk, in order to
hide the code that executes the rowhammer attack. If not, then a static
analyzer that detects rowhammer attacks in the code of an apk would be
sufficient.

~~~
viraptor
You can even execute the rowhammer attack from the loaded javascript:
[https://github.com/IAIK/rowhammerjs](https://github.com/IAIK/rowhammerjs)
There's no protection against it really. It doesn't matter if you can scan
APKs for this behaviour if any app can open a webview with the right page.

~~~
rcthompson
Thanks, this pretty clearly answers the question.

------
ikeboy
So any bets on when a jailbreak based on this is developed?

~~~
desdiv
Root is to Android what jailbreak is to iOS, and the proof of concept[0] that
was released is exactly that rooting tool.

https://play.google.com/store/apps/details?id=org.iseclab.drammer

~~~
ikeboy
Except jailbreaks are historically much harder to find than root exploits. iOS
10 still has no public jailbreak.

You can see this reflected in the going rates for vulnerabilities,
respectively. A remote iOS jailbreak can net you a cool 1.5 million, while
Android goes for
$200,000.
http://arstechnica.com/security/2016/09/1-5-million-bounty-for-iphone-exploits-is-sure-to-bolster-supply-of-0days/

~~~
m_eiman
Is there any reason to suspect that the same technique wouldn't work to get
root on iOS?

Then there's the slight problem of rootless that makes it harder to do a
permanent jailbreak, but getting root should be a pretty decent step along the
way.

~~~
userbinator
"rootless" is no real obstacle, Rowhammer is almost an arbitrary memory
modification exploit. All you need to do(!) is find and modify the appropriate
bits, and you will have full control. With "sufficient" effort you should be
able to get files in persistent storage modified too, and from there get a
permanent jailbreak.

------
jasoncchild
I first read about this a few months ago. Coming from a hardware background I
was particularly struck by how damned clever this is!

~~~
PhantomGremlin
It's clever because you aren't a memory design or test engineer. This type of
problem has been known and tested for since shortly after DRAM was invented.

E.g. here's a 1977 databook from Mostek, at the time the premier DRAM
manufacturer:
https://archive.org/stream/bitsavers_mostekdataryProducts_17995288/1977_Mostek_Memory_Products_djvu.txt

Look at these tests in particular:

    Adjacent Row Disturb Refresh
    Column Disturb
    Pattern Sensitivity

Look at the details of the column disturb test:

 _Column is written with an all ones data pattern, a "0" is then written into
row 0 of the column 100 times followed by reading all other bits of the column
and checking each bit for a logic "1" output. Row 0 of the column is then
rewritten to a "1" and the procedure is repeated for rows 1,2,3, ... 63 of the
column under test. The entire procedure is then repeated for columns 1-63._

That particular test step is only repeated 100 times, because it's a
_production_ test and short test time is critical. You can bet that in design
verification the chip was characterized a lot more thoroughly.

The downside of increasing memory sizes over the decades (now literally
billions of bits in a single chip rather than thousands) is reduced design
margins. So we get rowhammer.

You can bet that rowhammer did _not_ come as any surprise to key engineers at
the DRAM manufacturers. They just didn't take it very seriously as a possible
real world problem, because the access patterns required to cause it are
atypical from those of "normal" operation.

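An added example (mine, not from the databook or the comment) that runs the column disturb procedure quoted above against a toy 64x64 cell model with two constructed defects: a weak cell that loses its 1 after 80 disturbs and a marginal one that holds for 20000. The cell model, the thresholds and the defect positions are assumptions; the point it demonstrates is the one made above, that 100 writes per row catches the first cell and not the second, while a longer characterization run catches both.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROWS 64
#define COLS 64

/* Toy model of a 64x64 (4 Kbit) DRAM array. Each column keeps a write
 * counter and each cell remembers the counter value at its own last write,
 * so "column writes since my last write" is the number of disturbs the cell
 * has absorbed. A cell holding a 1 reads back as 0 once that count reaches
 * its threshold. Refresh is ignored. This is not a physical model, just
 * enough to run the databook procedure against. */
typedef struct {
    uint8_t  bit[ROWS][COLS];
    uint32_t threshold[ROWS][COLS];   /* disturbs tolerated before a 1 leaks away */
    uint32_t last_write[ROWS][COLS];  /* column counter at the cell's last write */
    uint32_t col_writes[COLS];
} dram_t;

void dram_init(dram_t *d)
{
    memset(d, 0, sizeof *d);
    for (int r = 0; r < ROWS; r++)
        for (int c = 0; c < COLS; c++)
            d->threshold[r][c] = UINT32_MAX;   /* healthy cell: never leaks */
}

void dram_write(dram_t *d, int r, int c, int v)
{
    d->col_writes[c]++;
    d->bit[r][c] = (uint8_t)v;
    d->last_write[r][c] = d->col_writes[c];
}

int dram_read(const dram_t *d, int r, int c)
{
    if (!d->bit[r][c]) return 0;
    uint32_t disturbs = d->col_writes[c] - d->last_write[r][c];
    return disturbs < d->threshold[r][c];
}

/* The column disturb test as the databook describes it: fill the column with
 * ones, write a 0 into one row `hammers` times, read every other row expecting
 * a 1, rewrite the hammered row to 1, then repeat for rows 0..63 and for every
 * column. Returns the number of distinct cells that lost their 1. */
int column_disturb_test(dram_t *d, int hammers, uint8_t failed[ROWS][COLS])
{
    int nfail = 0;
    memset(failed, 0, ROWS * COLS);
    for (int c = 0; c < COLS; c++) {
        for (int r = 0; r < ROWS; r++) dram_write(d, r, c, 1);
        for (int r = 0; r < ROWS; r++) {
            for (int i = 0; i < hammers; i++) dram_write(d, r, c, 0);
            for (int o = 0; o < ROWS; o++) {
                if (o != r && dram_read(d, o, c) != 1 && !failed[o][c]) {
                    failed[o][c] = 1;
                    nfail++;
                }
            }
            dram_write(d, r, c, 1);
        }
    }
    return nfail;
}

/* Constructed sample part with two defects (positions chosen arbitrarily):
 * a weak cell that leaks after 80 disturbs and a marginal cell that holds
 * for 20000. Returns how many the test catches at the given hammer count. */
int simulate_part_test(int hammers)
{
    static dram_t d;
    static uint8_t failed[ROWS][COLS];
    dram_init(&d);
    d.threshold[17][42] = 80;      /* caught by the 100-write production test */
    d.threshold[5][9]   = 20000;   /* escapes it; only a longer run finds it */
    return column_disturb_test(&d, hammers, failed);
}

int main(void)
{
    printf("100 writes per row (production):       %d failing cell(s)\n",
           simulate_part_test(100));
    printf("1000 writes per row (characterization): %d failing cell(s)\n",
           simulate_part_test(1000));
    return 0;
}
```

In this model a cell sees at most 63 x 101 disturbs between its own writes during the 100-write test, so anything with a threshold above that passes production screening, which is the margin argument made above: as cells shrink and thresholds fall, the gap between what the production test exercises and what software can do at will is where Rowhammer lives.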
~~~
userbinator
_You can bet that rowhammer did not come as any surprise to key engineers at
the DRAM manufacturers. They just didn't take it very seriously as a possible
real world problem, because the access patterns required to cause it are
atypical from those of "normal" operation._

I bet there are also plenty of others wondering whether it's actually a known
backdoor that's been used secretly for a long time, and this is just an
independent discovery since everyone else who knew about it were told to keep
quiet...

~~~
PhantomGremlin
Before Snowden, I might have dismissed your post as simple paranoia. But now,
to steal a few words from 'jasoncchild', it just might be "damned clever".

All of which means that right now there are probably guys posting in an HN
discussion thread on NSA's private comment site. They're saying something
like: _it's only clever because he's not a spook ... we've been doing this
for the last decade._ :)

------
cairo_x
There's something about Rowhammer that warms the cockles of my heart.

------
SixSigma
Rowhammer was first presented in 2014

[https://en.wikipedia.org/wiki/Row_hammer](https://en.wikipedia.org/wiki/Row_hammer)

