Indian student beats Java, .NET security

CIOL Bureau

BANGALORE: Sudhakar Govindavajhala, an Indian research student at Princeton, has explained an attack that can overcome the security of the Java and .NET virtual machines. The attack requires physical access to your computer or smart device and cannot be performed remotely over the Internet. The technique could, however, be used with success on smartcards.

"Our experimental study shows that soft memory errors can lead to serious security vulnerabilities in Java and .NET virtual machines, or in any system that relies on type-checking of untrusted programs as a protection mechanism. Our attack works by sending to the JVM a Java program that is designed so that almost any memory error in its address space will allow it to take control of the JVM. All conventional Java and .NET virtual machines are vulnerable to this attack. The technique of the attack is broadly applicable against other language-based security schemes such as proof-carrying code," says Sudhakar on the Princeton University website.

The experimental study uses a hacking method that relies on the ability of energy to "flip bits" in memory. Heat and cosmic rays can, on rare occasions, cause a random bit in memory to change from 0 to 1 or vice versa; Govindavajhala made sure this happened by applying heat. He used a lamp to heat up the chips inside a computer and cause one or more bits of memory to change.

"We measured the attack on two commercial Java Virtual Machines: Sun’s and IBM’s. We show that a single-bit error in the Java program’s data space can be exploited to execute arbitrary code with a probability of about 70%, and multiple-bit errors with a lower probability. The same code can easily be changed a bit to attack .NET virtual machines also," says Sudhakar.

He also adds, "India: Now, when I heat the memory chip with a lamp and can get a memory error in about 1-2 minutes. Now, in India, some places go to 50C in summer. Probably bits are already flipping in my homeland. Now, all I need to do to take over a good number of machines in India is to put this applet up on my web page and wait for hits from India in summer. Computers of a billion people are at stake." Perhaps a little far-fetched, but the possibility cannot be ruled out.

Sudhakar also describes the countermeasures for the attack. "Parity checking to detect single-bit memory errors, and more sophisticated error-correcting codes (ECC) to correct single-bit errors and detect multiple-bit errors, have been known and deployed for decades. The cost is small. However, many or most mainstream desktop personal computers are sold without memory error detection hardware."

So why don’t PC manufacturers implement the memory error detection hardware?

"One possible explanation is the price competition and low profit margins in the commodity PC business. If memory chips account for a quarter of the cost of a PC, and error detection adds a 12.5% overhead to the cost of the memory, then error detection adds a 3% overhead to the cost of the entire box; this is likely to be larger than the profit margin of the PC assembler/reseller," says Sudhakar.
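
The ECC countermeasure described above, sketched in software as an added example (not code from the article or from the Princeton study): an extended Hamming code that stores 8 check bits per 64 data bits, which is a 12.5% overhead, and corrects any single flipped bit while detecting double flips. The bit layout and function names are assumptions chosen for illustration; real memory controllers implement the same idea in hardware.

```python
CHECK_POS = [1, 2, 4, 8, 16, 32, 64]            # Hamming check bits (powers of two)
DATA_POS = [p for p in range(1, 72) if p not in CHECK_POS]   # 64 data positions

def syndrome(word):
    """XOR of the positions (1..71) of all set bits; 0 for a valid codeword."""
    s = 0
    for p in range(1, 72):
        if (word >> p) & 1:
            s ^= p
    return s

def encode(data):
    """Pack a 64-bit value into a 72-bit codeword; bit 0 is overall parity."""
    word = 0
    for i, p in enumerate(DATA_POS):
        if (data >> i) & 1:
            word |= 1 << p
    s = syndrome(word)
    for c in CHECK_POS:                 # set check bits so the syndrome becomes 0
        if s & c:
            word |= 1 << c
    if bin(word).count("1") & 1:        # make the total number of 1 bits even
        word |= 1
    return word

def decode(word):
    """Return (status, data); data is None when the error cannot be corrected."""
    s = syndrome(word)
    odd = bin(word).count("1") & 1
    if odd:                             # odd weight: treat as a single-bit flip
        if s > 71:                      # points outside the word: 3+ flips
            return "uncorrectable", None
        word ^= 1 << s                  # s == 0 means the parity bit itself flipped
        status = "corrected"
    elif s:                             # even weight, nonzero syndrome: double flip
        return "uncorrectable", None
    else:
        status = "ok"
    data = 0
    for i, p in enumerate(DATA_POS):
        if (word >> p) & 1:
            data |= 1 << i
    return status, data

if __name__ == "__main__":
    value = 0xDEADBEEFCAFEF00D          # constructed sample word
    cw = encode(value)
    print(decode(cw))                             # clean read
    print(decode(cw ^ (1 << 37)))                 # one bit flipped
    print(decode(cw ^ (1 << 37) ^ (1 << 5)))      # two bits flipped
```

With a code like this, the single-bit error the attack depends on is repaired on read, and a double-bit error is reported so the system can halt instead of continuing with corrupted memory.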
