{"id":34297,"date":"2021-11-26T15:00:55","date_gmt":"2021-11-26T20:00:55","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=34297"},"modified":"2021-11-26T15:00:55","modified_gmt":"2021-11-26T20:00:55","slug":"new-rowhammer-techniques","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/11\/26\/new-rowhammer-techniques\/","title":{"rendered":"New Rowhammer Techniques"},"content":{"rendered":"

Catalin Cimpanu<\/a> (via Hacker News<\/a>):<\/p>\n

Google says Rowhammer attacks are gaining range as RAM is getting smaller\nA team of Google security researchers said they discovered a new way to perform Rowhammer attacks against computer memory (RAM) cards that broaden the attack’s initial impact.<\/p>

[…]<\/p>

Initial Rowhammer attacks targeted RAM DDR3 memory cards, but academics kept researching the topic. In the following years, they also discovered that Rowhammer attacks could also impact RAM DDR4<\/a>, that attacks could be executed via JavaScript code<\/a> loaded on a web page, or even via network packets<\/a> sent directly to a computer’s networking card.<\/p>

Furthermore, researchers also found that Rowhammer attacks could also be used to exfiltrate data from the RAM<\/a> (not only alter it) and that attacks could also be accelerated by using locally installed GPU<\/a> or FPGA<\/a> cards.<\/p>

[…]<\/p>

In a new attack variation named Half-Double<\/strong>, researchers said they managed to carry out a Rowhammer attack that caused bit flips at a distance of two rows from the “hammered” row instead of just one.<\/p><\/blockquote>\n\n

Computer Security Group<\/a> (via Bruce Schneier<\/a>):<\/p>\n

We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort.<\/p>

[…]<\/p>

As the search space of non-uniform patterns is huge, we conducted a series of further experiments to determine the structure of patterns that effectively bypass TRR. Our experiments showed that the order<\/em>, regularity,<\/em> and intensity<\/em> of accessing aggressor rows in non-uniform patterns are essential. We noticed that our observations nicely match with common parameters of the frequency domain, namely frequency<\/em>, phase<\/em>, and amplitude<\/em>. We used these parameters to design frequency-based<\/em> Rowhammer patterns that can effectively explore the space of non-uniform patterns. We implemented these patterns in a black-box fuzzer named Blacksmith that determines suitable parameter values crafting effective patterns targeting a specific device.<\/p><\/blockquote>\n\n

Previously:<\/p>\n