Security News > 2021 > November > New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses
Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices.
Originally disclosed in 2014, Rowhammer refers to a fundamental hardware vulnerability that could be abused to alter or corrupt memory contents by taking advantage of DRAM's tightly-packed, matrix-like memory cell architecture to repeatedly access certain rows that induces an electrical disturbance large enough to cause the capacitors in neighbouring rows to leak charge faster and flip bits stored in the "Victim" rows adjacent to them.
A double-sided Rowhammer access pattern sandwiches a victim row in between two aggressor rows, maximizing the bit flips in the victim row.
Another method called Half-Double, as established by Google researchers earlier this May, leverages the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed to tamper with data stored in memory and, in principle, even gain unfettered access to the system.
The approach involves conducting a series of experiments to identify complex "Non-uniform" patterns in which different numbers of aggressor rows are hammered with different frequencies, phases and amplitudes that can still bypass TRR, with the study finding at least one pattern that triggered Rowhammer bit errors across 40 DDR4 devices from Samsung, Micron, SK Hynix, and an unnamed manufacturer.
"The tendency in DRAM manufacturing is to make the chips denser to pack more memory in the same size which inevitably results in increased interdependency between memory cells, making Rowhammer an ongoing problem," Google's open-source team said last week, alongside announcing what's called the Rowhammer Tester platform for "Experimenting with new types of attacks and finding better Rowhammer mitigation techniques."
News URL
https://thehackernews.com/2021/11/new-blacksmith-exploit-bypasses-current.html
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)