Security News

Well, it's back, and this time it's called SMASH. Rowhammering is a reliability problem that besets many computer memory chips, notably including the sort of RAM in your laptop or mobile phone. Bluntly put: using a rowhammer attack, you can make modifications, albeit hapazardly, to memory that has nothing to do with you, just by reading repetitively from memory that's allocated to your program.

Boffins from Vrije Universiteit in Amsterdam and ETH in Zurich have bypassed memory chip defenses to execute a successful browser-based Rowhammer side-channel attack dubbed SMASH. Rowhammer refers to a technique that computer security researchers began to explore around 2014: "Hammering" RAM chips with a series of rapid write operations. Initially, Rowhammer attacks had to be conducted locally, though by 2016 [PDF], the technique had been refined to work remotely using JavaScript in, say, a web browser.

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. "Despite their in-DRAM Target Row Refresh mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said.

Remember rowhammer vulnerability? A critical issue affecting modern DRAM chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh that refreshes adjacent rows when a victim row is accessed more than a threshold.

Remember rowhammer vulnerability? A critical issue affecting modern DRAM chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh that refreshes adjacent rows when a victim row is accessed more than a threshold.

The team at Tencent Keen Security Lab has done it again: hacking Tesla's Model S, in which the security shop's parent company has a significant stake. One Dell of a start to 2020 for RSA. It seems security company RSA's days as a part of the Dell family of brands may be numbered.

Boffins blast boards to boost bits Bit boffins from Australia, Austria, and the US have expanded upon the Rowhammer memory attack technique to create more dangerous variation called RAMBleed that...

Dutch boffins slip memory-busting attack round mitigations Researchers in the Netherlands have discovered that error-correcting code (ECC) memory protection can be thwarted to perform Rowhammer...

And NSA can't stop slurping your phone records Roundup This week we dealt with buggered bookies, trouble at Ticketmaster, and a compromised Linux build from Gentoo.…

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against...