Security News > 2021 > May > Half-Double: Google Researchers Find New Rowhammer Attack Technique
A team of researchers from Google has identified a new Rowhammer attack technique that works against recent generations of dynamic random-access memory chips.
The new attack method disclosed this week by Google, which researchers have dubbed "Half-Double," shows that the effects of Rowhammer can extend beyond immediate neighbors, thus bypassing some of the existing defenses.
"Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to 'transport' the Rowhammer effect of A onto C," the Google researchers explained.
The researchers said the Half-Double attack works against newer generation DRAM chips, but it does not work against older ones, which suggests that the shrinkage of memory cell geometries makes Rowhammer attacks "Stronger and longer-ranged." They also noted that it may be possible to launch attacks that work over distances greater than two rows.
Google has been working with JEDEC and others to come up with mitigations for Rowhammer attacks.
"We are disclosing this work because we believe that it significantly advances the understanding of the Rowhammer phenomenon, and that it will help both researchers and industry partners to work together, to develop lasting solutions. The challenge is substantial and the ramifications are industry-wide," Google researchers said.
News URL
Related news
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- Samsung phone users under attack, Google warns (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform (source)