<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">Begin forwarded message:</div><br class="Apple-interchange-newline"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">"S. E. Anderson" <<a href="mailto:ebontek@earthlink.net" class="">ebontek@earthlink.net</a>><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">[SftPOrganizing] Forget Software—Now Hackers Are Exploiting Physics</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">September 1, 2016 at 5:12:14 AM PDT<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">sftporg <<a href="mailto:sftporg@googlegroups.com" class="">sftporg@googlegroups.com</a>><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Reply-To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><a href="mailto:sftporg@googlegroups.com" class="">sftporg@googlegroups.com</a><br class=""></span></div><br class=""><div class=""><div style="margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; font-size: 18px; color: rgb(0, 48, 37); font-family: garamond, serif;" class=""><font color="#ffff00" class=""><b class=""><font size="6" class=""><span class="marg-r-sm link-underline-sm" itemprop="author"></span><span class="visually-hidden"></span><time role="presentation" class=""></time><span style="background-color: rgb(255, 0, 255);" class="">Forget Software—Now Hackers Are Exploiting Physics</span></font></b></font><figure id="attachment_2076845" class="wp-caption landscape relative alignnone" data-js=""><img data-order="0" data-ui="overlayOpen" class="wp-image-2076845 size-large cursor-zoom" data-pin-description="Forget Software—Now Hackers Are Exploiting Physics" src="https://www.wired.com/wp-content/uploads/2016/08/GettyImages-603192423-1024x731.jpg" alt="GettyImages-603192423.jpg" height="322" width="452"><figcaption class="link-underline wp-caption-text"><span class="marg-r-micro"></span><span class="credit link-underline-sm"><span class="ui inline-block ui-credit opacity-6 relative marg-r-sm ui-illo no-caption"></span></span></figcaption></figure><p class=""><span tabindex="-1" class="lede"><span class="marg-r-sm link-underline-sm" itemprop="author"><b class=""><a tabindex="-1" role="presentation" rel="author" href="https://www.wired.com/author/andygreenberg/" class="">Andy Greenberg</a> </b></span><span tabindex="-1" role="presentation" itemprop="articleSection" class="">Security</span></span><span class="visually-hidden"><br class=""></span></p><p class=""><span class="visually-hidden">Date of Publication: 08.31.16.</span></p><p class=""><span class="visually-hidden"><a href="http://wired.com/" class="">wired.com</a></span></p><p class=""><span class="visually-hidden"><br class=""></span></p><p class=""><span tabindex="-1" class="lede">Practically every word<span class="Apple-converted-space"> </span></span>we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.</p><p class=""><br class=""></p><p class="">Over the last year and a half, security researchers have been doing exactly that: honing hacking techniques that break through the metaphor to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—in some cases targeting the actual electricity that comprises bits of data in computer memory. And at the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.</p><h3 class="">Breaking Assumptions</h3><p class="">Both of those new attacks use a technique Google researchers<span class="Apple-converted-space"> </span><a href="https://www.wired.com/2015/03/google-hack-dram-memory-electric-leaks/" class="">first demonstrated last March called “Rowhammer.”</a><span class="Apple-converted-space"> </span>The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.</p><p class=""><br class=""></p><p class="">It’s messy. And mind-bending. And it works.</p><p class=""><br class=""></p><p class="">Rowhammer and similar attacks could require both hardware and software makers to rethink defenses based on purely digital models. “Computers, like all technologies really, are built in layers that make assumptions of one another. Think of a car, assuming its wheels roll and absorb shocks, and don’t melt into goop when they get wet,” says security researcher Dan Kaminsky, who found a fundamental flaw in the Internet’s domain name system in 2008. “What’s interesting about networked technology is the fact that those assumptions can be attacked.”</p><br class="">Last year, Thomas Dullien (one of the inventors of the technique, perhaps better known by his hacker handle Halvar Flake) and his fellow Google researchers showed that they could use electricity leakage to flip crucial bits in the DRAM memory of a set of laptops, the first proof that charge leakage could be predictable and exploitable. Researchers in Austria and France<span class="Apple-converted-space"> </span><a href="http://arxiv.org/pdf/1507.06955v1.pdf" target="_blank" class="">followed up a few months later</a><span class="Apple-converted-space"> </span>to show the attack could be enabled by javascript code running in a browser.<p class=""><br class=""></p><p class="">Those variations on Rowhammer, along with the newest ones presented at Usenix, show that the hacker world is increasingly focused on techniques that break those fundamental assumptions of computing. “Rowhammer is just scratching the surface,” says Dullien. “This has the potential to be a gigantic field of research.”</p><h3 class="">Making Rowhammer Practical and Specific</h3><p class="">The latest attacks take Rowhammer in a new direction, applying it to cloud computing services and enterprise workstations rather than consumer PCs. One<span class="Apple-converted-space"> </span><a href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_xiao.pdf" class="">attack by a group of Ohio State researchers</a><span class="Apple-converted-space"> </span>used the technique to hack Xen, the software used to partition computing resources on cloud servers into isolated “virtual machines” rented to customers. The hack breaks out of those virtual machines to control deeper levels of the server.</p><p class=""><br class=""></p><p class="">A<span class="Apple-converted-space"> </span><a href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf" target="_blank" class="">second paper</a><span class="Apple-converted-space"> </span>by Dutch and Belgian researchers achieves a similar effect, and also shows a new way to use Rowhammer more reliably. It exploits a feature called “memory de-duplication” that combines identical parts of virtual machines’ memory into a single place in the memory of a physical computer. On the Dell workstation the researchers tested, they could write data into the memory of a virtual machine and then use that data to locate and “hammer” the physical transistors underlying not just those bits of data, but the identical bits on someone else’s virtual machine running on the same computer.</p><p class=""><br class=""></p><p class="">The trick, which the researchers call “Flip Feng Shui,” allowed the group to pull off highly targeted hacks, like sabotaging an encryption key so that they could later decrypt a target’s secrets. “It’s less like a flamethrower and more like a sniper rifle,” says Ben Gras, one of the researchers at the University of Vrije who came up with it.<sup class="">1</sup></p><h3 class="">A New Level of Stealth</h3><p class="">Rowhammer is far from the only new hacking technique that exploits computers’ physical properties. Proof-of-concept malware shown off by Israeli researchers over the summer, for instance, uses the sound of<span class="Apple-converted-space"> </span><a href="https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/" class="">computers’ cooling fans</a><span class="Apple-converted-space"> </span>or<span class="Apple-converted-space"> </span><a href="http://arstechnica.com/security/2016/08/new-air-gap-jumper-covertly-transmits-data-in-hard-drive-sounds/" class="">hard drive motors</a><span class="Apple-converted-space"> </span>to transmit stolen data as audio. Another group of Israelis showed last year they could use just $300 of handheld equipment to <a href="https://www.wired.com/2015/06/radio-bug-can-steal-laptop-crypto-keys-fits-inside-pita/" class="">extract encryption keys from a computer by monitoring the radio emissions leaked by its processor’s power use</a>.</p><p data-js="fader" class="fader pullquote carve fade-in-up">The result is an ultra-stealthy physical sabotage technique that’s virtually impossible to detect with digital security measures.<span class="Apple-converted-space"> </span><br class=""></p><p data-js="fader" class="fader pullquote carve fade-in-up"><br class=""></p><p class="">But as with Rowhammer, the most disturbing physical hacks are microscopic. University of Michigan researchers have been able to build a secret backdoor into a single cell—a collection of transistors less than a thousandth of the width of a human hair—among billions on a modern microchip. When a hacker who knows about the backdoor’s existence runs a certain program, it causes that cell to pick up charge from nearby transistors and induce a certain bit to flip, just as in the Rowhammer attacks. The result is an ultra-stealthy physical sabotage technique that’s virtually impossible to detect with digital security measures. “It’s operating outside of the Matrix,” says Matthew Hicks, one of the Michigan researchers,<span class="Apple-converted-space"> </span><a href="https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/" class="">who described the technique to WIRED in June</a>.</p><p class=""><br class=""></p><p class="">This kind of exploitation of hardware means that no software update can help. Researchers have identified one countermeasure to Rowhammer’s memory charge leakage: a feature of DRAM called “error-correcting code” constantly corrects abnormal levels of charge in any particular transistor. More widely implementing that feature in computer memory could head off current implementations of the Rowhammer attack.</p><p class=""><br class=""></p><p class="">But Dullien warns that DRAM is just one potential target. “Lots of things—chips, hard disks, whatever—are designed to be OK in the average case but probably not when they’re given adversarial input,” he says. “We don’t know where the next broken piece of hardware will show up. But that’s why everyone’s so excited about researching this more.” Computer scientists may soon find their machines aren’t just vulnerable in ways they haven’t considered, but in ways their digital models don’t even allow them to imagine.</p><p class=""><br class=""></p><p class=""><font size="3" class=""><sup class="">1</sup><em class="">Correction 5:30 pm EST 8/31/2016: An earlier version of the story stated that the “Flip Feng Shui” technique applied to a Dell server, not a Dell workstation, and could be used to alter the generation of an encryption key, when in fact they showed it could be used to alter a pre-existing “public key” so that messages encrypted with that altered public key could be decrypted without the private key.</em></font></p><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><br class=""><div id="elnk_signature_1472731736673" style="margin: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 10pt; font-family: arial, sans-serif;" class=""><pre class="">author- "The Black Holocaust for Beginners"
<a href="http://blackeducator.blogspot.com/" class="">http://blackeducator.blogspot.com</a></pre></div><br class=""><br class=""></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class="webkit-block-placeholder"></div><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">--<span class="Apple-converted-space"> </span></span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">You received this message because you are subscribed to the Google Groups "Science for the People Organizing Group" group.</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">To unsubscribe from this group and stop receiving emails from it, send an email to<span class="Apple-converted-space"> </span></span><a href="mailto:sftporg+unsubscribe@googlegroups.com" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">sftporg+unsubscribe@googlegroups.com</a><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">.</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">To post to this group, send email to<span class="Apple-converted-space"> </span></span><a href="mailto:sftporg@googlegroups.com" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">sftporg@googlegroups.com</a><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">.</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">To view this discussion on the web visit<span class="Apple-converted-space"> </span></span><a href="https://groups.google.com/d/msgid/sftporg/25086676.1472731934877.JavaMail.wam%40elwamui-polski.atl.sa.earthlink.net?utm_medium=email&utm_source=footer" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">https://groups.google.com/d/msgid/sftporg/25086676.1472731934877.JavaMail.wam%40elwamui-polski.atl.sa.earthlink.net</a><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">.</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">For more options, visit<span class="Apple-converted-space"> </span></span><a href="https://groups.google.com/d/optout" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">https://groups.google.com/d/optout</a><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">.</span></div></blockquote></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><span style="font-size: 12px;" class="">Thanks,</span></div><div style="font-size: 12px;" class=""><br class=""></div><div style="font-size: 12px;" class="">Brian</div><div style="font-size: 12px;" class="">--</div><div style="font-size: 12px;" class="">Brian J. Fox</div><div style="font-size: 12px;" class="">Founder/CEO</div><div style="font-size: 12px;" class="">Opus Logica, Inc.</div><div style="font-size: 12px;" class="">A: 901 Olive St., 93101</div><div style="font-size: 12px;" class="">O: 76-BAFFLE-76</div><div style="font-size: 12px;" class=""><span style="orphans: auto; widows: auto;" class="">C: 805.637.8642</span><br style="orphans: auto; widows: auto;" class=""></div></div></div>
</div>
<br class=""></body></html>