
Did you think your PC was secure? Your Nvidia graphics card could betray you


Did you think that your processor’s RAM was your computer’s only Achilles’ heel in the face of hardware attacks? Think again. Researchers have just brilliantly demonstrated that Nvidia graphics chips can be physically exploited to take over the entirety of a system.


For a decade, the hacking technique called “Rowhammer” has given cybersecurity engineers cold sweats. The concept is as brutal as it is fascinating: it involves bombarding a specific area of memory (DRAM) with ultra-fast requests to create electrical interference. These disturbances end up altering neighboring cells, literally transforming 0s into 1s, and vice versa. Discovered in 2014 on DDR3 modules, this hardware vulnerability already made it possible to bypass the security of a system to take control of it.

Today, the threat changes target and attacks the heavy artillery: graphics cards. Two independent teams of researchers have just proven that the video memory (GDDR) of Nvidia GPUs is not only vulnerable, but that it constitutes a formidable springboard to completely compromise the host machine.

“GDDRHammer and GeForge”: when the GPU betrays the central processor

Last year, the first attempts at “hammering” on graphics cards gave timid results, generating just enough errors to disrupt a neural network. With the new methods called GDDRHammer and GeForge, we move to a whole new level of nuisance. By targeting Nvidia’s Ampere generation (notably the RTX 3060), experts have managed to wreak havoc on memory. The GeForge attack, for example, generated up to 1,171 bit flips on a simple RTX 3060.

The secret to this frightening success lies in an ingenious technique called “memory massaging”. By default, Nvidia drivers store their page tables (the navigation maps that indicate where data is located) in an area protected from electrical interference. Hackers therefore use targeted strikes to force the system to move this vital data to more vulnerable sectors of GDDR memory.

Once the video memory is corrupted, the attacker grants himself full read and write rights on the graphics chip. Worse still, by manipulating these accesses, the malicious code manages to target the physical memory of the central processor (CPU). The attack allows the attacker to gain “root” access under Linux, signifying the total compromise of the machine.

Should you panic and unplug your equipment? For now, only these Ampere generation cards have been confirmed as vulnerable. More recent models, using new memory architectures, have not yet been dissected by academics. Additionally, for the trap to close, a crucial option on your motherboard must be disabled: the IOMMU (Input-Output Memory Management Unit).

The problem is that this deactivation is the default setting on almost all BIOSes, in order to maximize compatibility and avoid drops in performance. Reactivating the IOMMU instantly closes this vulnerability by isolating the GPU from sensitive areas of central memory.

Another solution is to enable ECC error correction from the command line, although this takes away some of the available memory. Rest assured, however: to date, no Rowhammer attack has ever been detected in the wild. This research work above all serves as a shock to force the cloud industry and manufacturers to rethink the security of our components.
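To check the two mitigations described above on a Linux host, here is an added example (not code from the article or from the researchers). It assumes the Nvidia driver's `nvidia-smi` tool is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): audit the two mitigations it names.

# Count IOMMU groups in a sysfs-style directory (default: the running kernel's).
# The directory has entries only when an IOMMU is enabled in firmware and kernel.
iommu_group_count() {
    dir=${1:-/sys/kernel/iommu_groups}
    n=0
    for g in "$dir"/*/; do
        if [ -d "$g" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Read "name, ecc mode" CSV lines on stdin and print the name of every GPU
# whose current ECC mode is not "Enabled" (for example "Disabled", or
# "[N/A]" when the card has no ECC support).
gpus_without_ecc() {
    awk -F', *' 'NF >= 2 && $NF != "Enabled" { print $1 }'
}

audit_host() {
    n_groups=$(iommu_group_count)
    if [ "$n_groups" -gt 0 ]; then
        echo "IOMMU: active ($n_groups groups)"
    else
        echo "IOMMU: no groups found; enable VT-d / AMD-Vi in firmware setup"
    fi

    if ! command -v nvidia-smi >/dev/null 2>&1; then
        echo "ECC: nvidia-smi not found, cannot query GPUs"
        return 0
    fi
    csv=$(nvidia-smi --query-gpu=name,ecc.mode.current \
              --format=csv,noheader 2>/dev/null) || csv=""
    if [ -z "$csv" ]; then
        echo "ECC: nvidia-smi reported no GPUs"
        return 0
    fi
    weak=$(printf '%s\n' "$csv" | gpus_without_ecc)
    if [ -z "$weak" ]; then
        echo "ECC: enabled on every GPU reported"
    else
        echo "ECC: not enabled on:"
        printf '%s\n' "$weak" | sed 's/^/  /'
        echo "  (where supported: nvidia-smi -e 1, then reboot)"
    fi
}

audit_host
```

A non-zero group count shows that the IOMMU is on, not how it is configured: each group's `type` file under `/sys/kernel/iommu_groups/` reports whether its default domain is translated (`DMA`) or `identity`.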