Researchers have revealed a new type of Rowhammer attack on DRAM devices that can reliably bypass mitigations implemented by vendors after the first such attacks emerged in 2014.
Data in Dynamic DRAM (DRAM) is stored in grids of memory. Rowhammer attacks work by rapidly and repeatedly reading data in one memory row to cause an electrical charge in adjacent memory rows in order to modify or corrupt data.
SEE: A winning strategy for cybersecurity (ZDNet special report)
The latest Rowhammer attack seeks to bypass Target Row Refresh (TRR) mitigations that the DRAM industry added to modern RAM cards in response to the first Rowhammer attack in 2014.
The researchers from ETH Zurich, Vrije Universiteit Amsterdam, and Qualcomm ran their attack – via a fuzzer called Blacksmith, available on GitHub – against various proprietary TRR implementations in 40 DRAM devices. The technique allowed them to quickly discover ways to cause bit flips in all of them.