Latest addition to hacker toolkits – a light bulb
Shining a light on virtual machine flaws
Customer Success Testimonial: Recovery is Everything
Java and .Net virtual machines can be prised open with a little ingenuity and hacking tools as crude as a light bulb, according to a pair of Princeton University researchers.
The attack, presented in a paper presented at an IEEE Symposium on Security and Privacy in Oakland this week, relies on creating memory errors on a virtual machine using the heat from a light bulb. By causing bits to flip on silicon running a virtual machine, the security model underpinning the process is broken. This is because a machine will no longer faithfully follow its specified instruction set.
Typically, this technique would simply cause a system to crash. But by inserting code into memory and filling the rest of the memory space with the address of the free code, researchers Andrew Appel and Sudhakar Govindavajhala succeed in getting the potentially malicious code to execute 70 per cent of the time.
Given physical access to a computer there could be many more straightforward attack mechanisms. The researchers said their attack is particularly relevant against smart-cards (which contain their own processor) and tamper-resistant computers. Most of their work so far has concentrated on smart cards, where the implications of the attack are particularly serious.
"There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card's data," Govindavajhala told CNET.
Appel and Govindavajhala's paper, Using Memory Errors to Attack a Virtual Machine is here. Govindavajhala's Web site links to more background material. ®
Related Stories
Poison applet could wipe Windows PCs
Flaws in Microsoft VM. Fix now
Gummi bears defeat fingerprint sensors
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything
