Bit flipping

There are easy ways to hack, and then there are hard ways to hack. Script kiddies, for instance, simply take an existing virus or exploit, change a few lines, and release it as their own. Piece of cake.

Hardcore hacking takes more than that, and bit-flipping takes it to a whole new level.

Here the hacker needs to write an exploit that accesses certain areas of RAM over and over again until the repeated access causes an error by “flipping bits”. Causing the right kind of error, the kind that creates mischief or damage, adds another layer of complexity: you have to flip those bits just right.

The notion of bit-flipping is similar to what happened 21 years ago with the Intel Pentium. In 1994, the Intel P5 Pentium floating-point unit had a bug that could return incorrect results when doing complex calculations.

Bit-flipping is a way of tricking computer hardware into errors, errors that are far more serious than the occasional math lapses of the P5 Pentium and can, amongst other things, lead to privilege abuse.

Security expert Bruce Schneier explained how bit-flipping works, using the Rowhammer exploit as an example of an attack on DRAM:

“In the Dynamic Random Access Memory (DRAM) used in some laptops, a hacker can run a program designed to repeatedly access a certain row of transistors in the computer’s memory, “hammering” it until the charge from that row leaks into the next row of memory. That electromagnetic leakage can cause what’s known as “bit flipping,” in which transistors in the neighboring row of memory have their state reversed, turning ones into zeros or vice versa. And for the first time, the Google researchers have shown that they can use that bit flipping to actually gain unintended levels of control over a victim computer. Their Rowhammer hack can allow a “privilege escalation,” expanding the attacker’s influence beyond a certain fenced-in portion of memory to more sensitive areas.”

Once the hacker has this kind of access to the hardware, they effectively have read-write access to memory they were never meant to touch. A blunt-force approach would simply corrupt that memory; a finer-tuned approach lets the hacker control which bits are written to RAM and what the impact is.
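The hardware-side countermeasure for the disturbance errors described above is ECC memory, which stores extra check bits alongside every word so that a single flipped bit is corrected on read and a double flip is at least reported. The C program below is an added example written for this page, not code from the original post, from the Google researchers, or from the cited paper. It models the (72,64) Hamming SECDED layout that ECC DIMMs use; the sample word and the bit positions it corrupts are constructed stand-ins for a real disturbance, and names such as ecc_encode and ecc_decode are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the (72,64) Hamming SECDED code used by ECC DIMMs: 64 data bits,
 * 7 Hamming check bits and one overall parity bit. In the abstract codeword
 * (positions 1..71) the powers of two hold check bits, the rest hold data. */

typedef struct {
    uint64_t data;   /* 64 payload bits */
    uint8_t  check;  /* bit i = Hamming check bit for codeword position 1<<i (i = 0..6) */
    uint8_t  parity; /* overall parity of data and check bits (0 or 1) */
} ecc_word_t;

typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status_t;

static bool is_pow2(unsigned p) { return p != 0 && (p & (p - 1)) == 0; }

/* Codeword position of data bit k (0..63): the k-th position that is not a power of two. */
static unsigned pos_of_data(unsigned k)
{
    unsigned p = 1, seen = 0;
    for (;; p++) {
        if (is_pow2(p)) continue;
        if (seen == k) return p;
        seen++;
    }
}

/* Inverse of pos_of_data(); returns -1 when p is not a data position. */
static int data_of_pos(unsigned p)
{
    if (p < 3 || p > 71 || is_pow2(p)) return -1;
    int k = 0;
    for (unsigned q = 1; q < p; q++)
        if (!is_pow2(q)) k++;
    return k;
}

/* Parity (XOR of all bits) of a 64-bit value, written portably without compiler builtins. */
static unsigned parity64(uint64_t v)
{
    v ^= v >> 32; v ^= v >> 16; v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return (unsigned)(v & 1);
}

/* XOR of the codeword positions of all set data bits. Bit i of the result is
 * exactly the Hamming check bit for position 1<<i. */
static uint8_t hamming_bits(uint64_t data)
{
    unsigned h = 0;
    for (unsigned k = 0; k < 64; k++)
        if ((data >> k) & 1) h ^= pos_of_data(k);
    return (uint8_t)h;
}

ecc_word_t ecc_encode(uint64_t data)
{
    ecc_word_t w;
    w.data = data;
    w.check = hamming_bits(data);
    w.parity = (uint8_t)(parity64(data) ^ parity64(w.check));
    return w;
}

/* Check a stored word and repair it in place when exactly one bit has flipped. */
ecc_status_t ecc_decode(ecc_word_t *w)
{
    /* A non-zero syndrome is the codeword position of a single flipped bit. */
    unsigned syndrome = hamming_bits(w->data) ^ w->check;
    /* 1 if an odd number of bits (data, check or parity) have flipped. */
    unsigned odd = parity64(w->data) ^ parity64(w->check) ^ (w->parity & 1u);

    if (syndrome == 0 && odd == 0) return ECC_OK;
    if (syndrome == 0) { w->parity ^= 1; return ECC_CORRECTED; }   /* only the parity bit flipped */
    if (odd == 0) return ECC_UNCORRECTABLE;   /* syndrome set but even count: two flips, location unknown */
    if (is_pow2(syndrome) && syndrome <= 64) { w->check ^= (uint8_t)syndrome; return ECC_CORRECTED; }
    int k = data_of_pos(syndrome);
    if (k < 0) return ECC_UNCORRECTABLE;      /* syndrome outside the codeword: three or more flips */
    w->data ^= (uint64_t)1 << k;
    return ECC_CORRECTED;
}

/* Corrupt one data bit of a freshly encoded word (a constructed single-bit
 * disturbance), decode, and report whether the original value came back. */
bool ecc_recovers_single_flip(uint64_t data, unsigned bit)
{
    ecc_word_t w = ecc_encode(data);
    w.data ^= (uint64_t)1 << bit;
    return ecc_decode(&w) == ECC_CORRECTED && w.data == data;
}

/* Two distinct flips in the same word: SECDED must report them, not silently "fix" them. */
bool ecc_flags_double_flip(uint64_t data, unsigned bit_a, unsigned bit_b)
{
    ecc_word_t w = ecc_encode(data);
    w.data ^= ((uint64_t)1 << bit_a) | ((uint64_t)1 << bit_b);
    return ecc_decode(&w) == ECC_UNCORRECTABLE;
}

int main(void)
{
    uint64_t sample = 0x0123456789ABCDEFull;   /* constructed sample word */
    printf("single flip corrected: %s\n", ecc_recovers_single_flip(sample, 17) ? "yes" : "no");
    printf("double flip detected:  %s\n", ecc_flags_double_flip(sample, 3, 40) ? "yes" : "no");
    return 0;
}
```

Note what the decoder cannot do: when two bits in the same 64-bit word flip it reports an uncorrectable error rather than repairing the word, and three flips can land on a valid syndrome and be silently miscorrected. ECC therefore narrows the window for disturbance errors rather than closing it, which is why a machine logging corrected-ECC events at an unusual rate is itself something worth investigating.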

Intel itself understands the problem, and even crafted the paper “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors.” The paper examines how data in DRAM can be corrupted without ever being accessed directly: repeatedly activating one DRAM row disturbs, and eventually corrupts, data held in nearby rows. Intel explain how they demonstrated bit-flipping on Intel and AMD systems by inducing errors in most of the DRAM modules they tested, corrupting 110 out of 129 modules from three major manufacturers.

While bit-flipping today is more theoretical than practical, once successful exploits add up, more hackers will jump on the bandwagon. Since many computers share the same underlying hardware, one successful exploit could affect millions of machines.