A group of scientists from the Free University of Amsterdam and the Swiss Higher Technical School of Zurich presented a new version of the Rowhammer attack.
According to the researchers, despite the TRR (Target Row Refresh) mechanism implemented in DRAM to prevent corruption of rows of cells during a Rowhammer attack, some modern DDR4 modules are still vulnerable to the many-sided bit manipulation (so-called bit flipping) that underlies the Rowhammer attack.
“SMASH leverages high-level knowledge of cache replacement policies to create optimal access patterns for a preemptive multi-lateral Rowhammer attack. In order to bypass TRR in DRAM, SMASH carefully plans cache hits and misses in order to successfully trigger synchronized multi-way bit flipping,” the experts said.
Rowhammer is the generic name for a class of hardware vulnerabilities in DDR4 systems. RAM modules store data in cells, each of which consists of a capacitor and a transistor. These memory cells are laid out on a silicon chip in the form of a matrix. However, because capacitors discharge naturally, the cells tend to lose their state over time and therefore require periodic reading and rewriting in order to restore each capacitor's charge to its original level. In addition, the higher density of DRAM chips has increased the electromagnetic interaction between neighbouring memory cells and with it the likelihood of data loss.
In 2014, researchers found that repeatedly performing fast read/write operations on a row of cells generates electrical noise that alters data in adjacent rows. Since then, a number of attack variants have been developed: ECCploit, JackHammer, Rowhammer.js, Throwhammer, RAMBleed, Drammer, Nethammer, etc.