Google Discovers New Rowhammer Attack Technique

Researchers publish the details of a new Rowhammer vulnerability called "Half-Double" that exploits increasingly smaller DRAM chips.

Google researchers have published their findings on a new Rowhammer technique that expands attackers' reach on a target machine as DRAM chips become smaller.

Rowhammer, first reported in 2014, is a vulnerability through which repeated access to one address can allow an attacker to compromise data stored at other addresses. When one DRAM row (the "aggressor") was accessed repeatedly, "bit flips" were found in the two adjacent rows (the "victims"). In other words, "hammering" one row caused data stored in the neighboring rows to change.

Research into Rowhammer in recent years has revealed that both DDR3 and DDR4 memory are vulnerable to the attack. Experts have also found these attacks can be carried out using JavaScript rather than complicated malware code. These attacks can help an attacker escalate privileges, root a device, or cause denial of service against tools like security software.

In the past, Rowhammer has been understood to operate at the distance of one row. However, in the newly discovered Half-Double attack, Google researchers found Rowhammer's effects can propagate to rows beyond the hammered row's adjacent neighbors, though with less strength. The attack could be used to cause bit flips two rows away from the aggressor, instead of one.

"Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B," researchers wrote in a blog post on their findings.

Their discovery indicates that as RAM chips have grown smaller, the Rowhammer attack can be used to affect a greater number of cells. "This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down," the researchers said in their post.

Read Google's full blog post for more details.
