Researchers from Google have recently identified a new variant of the Rowhammer exploit, named Half-Double. Rowhammer attack is based on the way current DRAM memory chips are designed and the way memory blocks are stocked in a grid.

What has been discovered?

According to researchers from Google, this bug takes the advantage of the physical features of DRAM chips to alter the memory contents.
  • This bug allows a cybercriminal to read and write the operations into rows of memory cells at a fast speed by using malicious applications.
  • Since these chips are very small in size, frequent access to the bits in the signal memory cells allows the user to read to the neighboring memory cells’ contents.
  • Subsequently, a small electromagnetic field is created inside the rows of the memory cells, which results in the flipping of cell values from 0 to 1 and vice versa for the neighboring rows.
  • The characteristic of electrical coupling enables the bypass of software and hardware protection policies. By abusing this, any infected code can obtain complete control of the targeted system.

Additional insights

According to an initial study from 2019, the Rowhammer attack worked on DDR3 RAM chips only. In the past, the same type of attack was executed by the attackers and named RAMBleed.
  • The security researchers carried on with their research, and now they are using a JavaScript code added to a web page that they managed to leverage to attack DDR4 RAM chips.
  • In addition, they claimed that, unlike the traditional attack that influenced only the neighboring rows, the Half-Double attack can target cells across a farther distance.

Conclusion

This recent study on the new Rowhammer variant is expected to help both researchers and industry partners work together and develop a solution to fix this problem. Additionally, experts recommend that the DRAM vendor should use a good combination of hammering distances to test and assess the effectiveness of SoC-level mitigation.

Cyware Publisher

Publisher

Cyware