Security News > 2021 > November > New Rowhammer technique bypasses existing DDR4 memory defenses
Researchers have developed a new fuzzing-based technique called 'Blacksmith' that revives Rowhammer vulnerability attacks against modern DRAM devices that bypasses existing mitigations.
The emergence of this new Blacksmith method demonstrates that today's DDR4 modules are vulnerable to exploitation, allowing a variety of attacks to be conducted.
Rowhammer is a security exploit that relies on the leaking of electrical charges between adjacent memory cells, enabling a threat actor to flip 1s and 0s and change the content in the memory.
The attack used against it was called 'TRRespass,' and was another fuzzing-based technique that successfully found usable Rowhammering patterns.
'Blacksmith' found effective Rowhammer patterns on all of the 40 tested DIMMs. The trick that the researchers used this time is not to approach the hammering patterns uniformly but instead explore non-uniform structures that can still bypass TRR. The team used order, regularity, and intensity parameters to design frequency-based Rowhammer patterns and then fed them to the Blacksmith fuzzer to find working values.
Comsec further found that while using ECC DRAM will make exploitation harder, they will not defend against all Rowhammer attacks.