Friday, November 26, 2021 [Tweets] [Favorites]

New Rowhammer Techniques

Catalin Cimpanu (via Hacker News):

Google says Rowhammer attacks are gaining range as RAM is getting smaller A team of Google security researchers said they discovered a new way to perform Rowhammer attacks against computer memory (RAM) cards that broaden the attack’s initial impact.

[…]

Initial Rowhammer attacks targeted RAM DDR3 memory cards, but academics kept researching the topic. In the following years, they also discovered that Rowhammer attacks could also impact RAM DDR4, that attacks could be executed via JavaScript code loaded on a web page, or even via network packets sent directly to a computer’s networking card.

Furthermore, researchers also found that Rowhammer attacks could also be used to exfiltrate data from the RAM (not only alter it) and that attacks could also be accelerated by using locally installed GPU or FPGA cards.

[…]

In a new attack variation named Half-Double, researchers said they managed to carry out a Rowhammer attack that caused bit flips at a distance of two rows from the “hammered” row instead of just one.

Computer Security Group (via Bruce Schneier):

We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort.

[…]

As the search space of non-uniform patterns is huge, we conducted a series of further experiments to determine the structure of patterns that effectively bypass TRR. Our experiments showed that the order, regularity, and intensity of accessing aggressor rows in non-uniform patterns are essential. We noticed that our observations nicely match with common parameters of the frequency domain, namely frequency, phase, and amplitude. We used these parameters to design frequency-based Rowhammer patterns that can effectively explore the space of non-uniform patterns. We implemented these patterns in a black-box fuzzer named Blacksmith that determines suitable parameter values crafting effective patterns targeting a specific device.

Previously:

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment