A Rowhammer is when an attacker bombards rows of RAM memory cells with constant read and write operations that cause the memory cells to change their electrical charge, inherently modifying the stored data bits from 1 to 0 by altering the information stored in the memory. This type of attack came to light in 2014 and was possible because in their obsession with creating bigger RAMs, vendors pushed memory cells too close to each other, allowing for the “bit flip” effect.
Today, a group of cybersecurity specialists published an investigation detailing the finding of SMASH, a new variant of the Rowhammer attack that allows a malicious JavaScript condition to be triggered on the latest DDR4 RAM cards despite mitigations implemented by manufacturers for many years. around 5 years. According to the report, despite the security mechanisms present in DRAM Target Row Refresh (TRR), some of the newer DDR4 modules are still exposed to bit shifts derived from conditions derived from a Rowhammer scenario.
The new attack variant exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based multifaceted Rowhammer. To bypass TRR mitigations, SMASH carefully schedules cache hits and misses to activate the multi-faceted Rowhammer bit.
This attack relies on a malicious application capable of performing read / write operations on the memory cells of the compromised system. Because cells change their values from 0 to 1 and vice versa in a short time, generating almost imperceptible electromagnetic changes at first. As a result, errors occur in nearby memory rows, sometimes disrupting adjacent bits and data.
Rowhammer’s initial attacks targeted DDR3 RAM memory cards, but experts continued to investigate the issue until they discovered that Rowhammer’s attacks could also affect DDR4 RAM by running JavaScript code loaded onto a website or via of sending specially designed network packets. Researchers later also discovered that Rowhammer attacks can be used to steal data from RAM, and that an attack could be powered by using graphics cards installed in the target system.
See also:
Logic bomb programmed Virus
Cold Boot Attack – A risk to our information
