Google researchers have published their findings on a new Rowhammer technique that expands attackers' reach on a target machine as DRAM chips become smaller.
Rowhammer, first reported in 2014, is a vulnerability through which repeated access to one address can allow an attacker to compromise data stored at other addresses. When one DRAM row is accessed repeatedly (the "aggressor"), "bit flips" were found in the adjacent two rows (the "victims"). As "hammered" cells changed value, it caused data to change in adjacent rows.
In the past, Rowhammer has been understood to operate at the distance of one row. However, in the newly discovered Half-Double attack, Google researchers found Rowhammer's effects can propagate to rows beyond the target cell's adjacent neighbors, though with less strength. The attack could be used to cause bit flips two rows from the victim, instead of one row.
"Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B," researchers wrote in a blog post on their findings.
Their discovery indicates that as RAM chips have grown smaller, the Rowhammer attack can be used to affect a greater number of cells. "This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down," the researchers said in their post.
Read Google's full blog post for more details.