Security News > 2021 > May > Google Researchers Discover A New Variant of Rowhammer Attack
A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security.
Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed in an attempt to tamper with data stored in memory and attack a system.
Discovered in 2014, Rowhammer refers to a class of DRAM vulnerabilities whereby repeated accesses to a memory row can induce an electrical disturbance big enough to flip bits stored in an adjacent row, thereby allowing untrusted code to escape its sandbox and take over control of the system.
"[The attack] works because DRAM cells have been getting smaller and closer together," Google Project Zero researchers elaborated in 2015.
The imperfect protections meant TRR defenses in DDR4 cards could be circumvented to stage new variants of Rowhammer attacks such as TRRespass and SMASH. The distance-two assisted Rowhammer - aka Half-Double - now joins that list.
"Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful to B," the researchers explained.
News URL
Related news
- Phishers abuse Google OAuth to spoof Google in DKIM replay attack (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense (source)
- Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks (source)
- Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps (source)
- Threat actors abuse Google Apps Script in evasive phishing attacks (source)