- A JackHammer attack is much more difficult to detect because of the FPGA’s direct access to system resources.
- JackHammer attacks can be twice as fast as attacks conducted from CPUs only and can also cause four times as many bit flips.
Researchers have detailed a new version of Rowhammer that uses a hybrid FPGA-CPU setup to launch more efficient attacks on various forms of PC memory.
A short history of Rowhammer attacks
Rowhammer attacks were first detailed in 2014. The attack exploits a design flaw in DRAM to let attackers obtain higher kernel privileges on targeted systems. It affects DRAM modules manufactured in 2010 and later.
Such attacks can allow attackers to steal data from attacked systems, instead of just altering it.
New JackHammer attack
JackHammer is a new addition to the list of Rowhammer attack variants. The attack allows a malicious party to abuse FPGA cards to launch better and faster Rowhammer attacks.
Researchers from the Worcester Polytechnic Institute in the U.S. and the University of Lübeck in Germany have revealed that JackHammer attacks, which are conducted on FPGA-CPU setups, can be twice as fast as attacks conducted from CPUs only and can also cause four times as many bit flips.
The researchers demonstrated this by launching an attack against the WolfCrypt RSA implementation, part of the WolfSSL library.
"Our results indicate that a malicious FPGA can perform twice as fast as a typical Rowhammer attack from the CPU on the same system and causes around four times as many bit flips as the CPU attack," the research team said in its research paper.
Interesting anti-detection feature
Furthermore, the academic team also found that a JackHammer attack is much more difficult to detect because of the FPGA’s direct access to system resources. Since most anti-Rowhammer detection systems are configured at the CPU level, this opens a new blind spot in CPU and cloud security.
The research team has listed several mitigation methods that cloud vendors should deploy to secure cloud computing platforms against JackHammer. They include the use of hardware monitoring, partitioning CPU cache, CPU cache pinning, increased refresh rates for DRAM memory and more.