Hacking a PC's RAM is much easier than we imagined

Cybersecurity is a big issue these days when almost everyone uses online payment options and a lot of their personal and financial data passes through a computer. Unfortunately for us, there's a huge array of attacks that hackers can use against us and researchers have just proved that one of the nastiest ones is a lot easier to execute than we imagined. According to them, all it takes is a malicious web app and an infected video file for your RAM to be hacked.

For those of you who aren't tech-savvy, the RAM that's inside your PC can also be hacked, allowing attackers to take control of your computer or steal data. What's even worse is that it's incredibly hard to figure out if your RAM has been hacked and cleaning the infection is near impossible. The attack uses a technique called bitflipping that exploits a physical weakness in dynamic random-access memory (DRAM) to gradually change the values row-by-row.

Up until now, the general idea was that the only way to perform this attack was by using a Java script code and even then, it would only work on a limited number of platforms. However, security researchers have just proved that it can be performed much easier than that. According to their study, bitflipping attacks could be triggered by using code that's already present on the victim's PC. These vulnerable instructions are non-temporal, which means that they're saved on the DRAM chip and not in the cache, thus giving direct access to the targeted areas. All an attacker would need to trigger this code would be a malicious Web app that could strip away the protections and then an infected video or app could completely rewrite the code, hacking into your RAM.

If you're interested in finding out ways of protecting yourself against this kind of attacks, I'm afraid that there's not too much that I can tell you. The only thing you could try is being careful with the web apps that you use and the applications that you install on your PC, but that's not always possible. Furthermore, since this attack targets a physical vulnerability and not a software problem, fixing this problem is going to be a complete nightmare as it will require everyone to change their hardware.

In case you want to read more interesting security-related stories, I recommend: "How to know if your PC is part of a botnet" or "The most common ways of breaking into a Windows PC".

Comments

0 comments
You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <em> <i> <q cite=""> <s> <strike> <strong>