Google experts discover a new and more powerful variant of Rowhammer attacks

Google Project Zero researchers revealed the discovery of a new Rowhammer attack variant that targets RAM cards and can be more devastating than previously revealed attack methods. Rowhammer is a cyberattack variant detected in 2014 and is capable of abusing the design of modern, memory cell-based RAM cards.

This attack depends on a malicious application capable of performing read/write operations on the memory cells of the compromised system. These cells change their values from 0 to 1 and vice versa in a short time, generating almost imperceptible electromagnetic changes at first. As a result, nearby memory rows sometimes alter adjacent bits and data fail.

Rowhammer’s initial attacks targeted DDR3 RAM cards, but experts continued to investigate the topic until they discovered that Rowhammer attacks could also affect DDR4 RAM by running JavaScript code uploaded to a website or by sending specially designed network packets.

Researchers later also discovered that Rowhammer attacks can be used in order to steal data from RAM, and that an attack could be enhanced using graphics cards installed on the target system.

Hardware vendors responded to these attacks by implementing a set of mitigations known as Target Row Refresh (TRR). When enabled on a RAM card, TRR would combine a set of hardware and software configurations to detect and decrease the effects of Rowhammer attacks. These mitigations are not always functional, and researchers demonstrated that a new variation of Rowhammer’s initial attack called TRRespass could bypass TRR mechanisms even on the latest generation of RAM cards.

Google researchers proved they’ve taken Rowhammer attacks to a new level. In a new attack variant, the researchers managed to deploy a Rowhammer attack that altered the bits of multiple cells instead of one at a time.

In other words, even though RAM cards become smaller and smaller, the distance between rows of memory was also reduced, allowing the electromagnetic field caused by Rowhammer to reach more memory cells than early versions of the attack.

While no incidents related to this attack have been detected in real-world scenarios, Google researchers believe this may be about to change. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.