Latest addition to hacker toolkits – a light bulb

Shining a light on virtual machine flaws

Java and .Net virtual machines can be prised open with a little ingenuity and hacking tools as crude as a light bulb, according to a pair of Princeton University researchers.

The attack, described in a paper presented at an IEEE Symposium on Security and Privacy in Oakland this week, relies on creating memory errors on a virtual machine using the heat from a light bulb. By causing bits to flip on silicon running a virtual machine, the security model underpinning the process is broken. This is because a machine will no longer faithfully follow its specified instruction set.

Typically, this technique would simply cause a system to crash. But by inserting code into memory and filling the rest of the memory space with the address of the free code, researchers Andrew Appel and Sudhakar Govindavajhala succeed in getting the potentially malicious code to execute 70 per cent of the time.

Given physical access to a computer there could be many more straightforward attack mechanisms. The researchers said their attack is particularly relevant against smart-cards (which contain their own processor) and tamper-resistant computers. Most of their work so far has concentrated on smart cards, where the implications of the attack are particularly serious.

"There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card's data," Govindavajhala told CNET.

Appel and Govindavajhala's paper, Using Memory Errors to Attack a Virtual Machine, is here. Govindavajhala's Web site links to more background material. ®

Related Stories

Poison applet could wipe Windows PCs
Flaws in Microsoft VM. Fix now
Gummi bears defeat fingerprint sensors
