The End of Trust?

The End of Trust?. Using Memory Errors to Attack a Virtual Machine

We present an experimental study showing that soft memory errors can lead to serious security vulnerabilities in Java and .NET virtual machines, or in any system that relies on type-checking of untrusted programs as a protection mechanism. Our attack works by sending to the JVM a Java program that is designed so that almost any memory error in its address space will allow it to take control of the JVM. — Sudhakar Govindavajhala, Andrew W. Appel

I've heard that it was possible to hack smartcards and similar devices before by tampering with them, but I've never understood how it was done until now. Apparently some security experts claim to have been aware of this technique for many years.  [PHP Everywhere]

Leave a comment