VUSec has two presentations accepted at Black Hat Europe this year: (i) Flip Feng Shui (Rowhammer+dedup for reliable bit flip exploitation) and (ii) clang’s SafeStack bypass based on our thread spraying and allocation oracles work on information hiding.
Flip Feng Shui was presented at USENIX Security 2016 2 weeks ago. This novel attack technique combines a hardware vulnerability with a physical memory massaging primitive to mount a reliable attacks anywhere in the software stack. In particular, we demonstrate practical cross-VM attacks on OpenSSH and GnuPG using Rowhammer and KSM.
Given its practical impact, the Dutch National Cybersecurity Centre took the lead in disclosing Flip Feng Shui. They initiated disclosure to their counterparts in several other countries, as well as to application vendors, OS vendors, hypervisor vendors, and cloud providers. Prior to our talk at USENIX Security, the details of this technique were kept private.
Press & Vendor Coverage
The press has also picked up on this and there is quite some coverage. Arstechnica has a thorough piece on this work. Steve Gibson described Flip Feng Shui as “the most incredibly righteous and sublime hack… ever” in one of the Security Now! podcasts. WIRED also has the right idea: Forget Software—Now Hackers Are Exploiting Physics. Bruce Schneier posted a news item on his blog and there are podcasts by Risky Business (http://risky.biz/RB422 @ 31:40). Other international news items include: The Register, Infoworld, Slashdot, The Stack, Softpedia, Science Daily, and CORDIS.
Other local items popped up in China (Tech.qq.com, Sohu), Finland (Viestintävirasto), France (Silicon), Germany (Deutschlandfunk), Italy (Repubblica.it, HostingTalk), The Netherlands (Security.nl, Computable, Tweakers.net), Poland (Sekurak), Russia (Securitylab.ru), Spain (WWWhat’s new), Ukraine (KO).
Our Dedup+Rowhammer research made it to various international publications, including The Register, SearchSecurity (with mistakes), Softpedia, TechTarget, Risky Business (http://risky.biz/RB414 @ 13:37), and others.
The slides from Erik Bosman’s S&P 2016 talk are here.