New exploit of the hardware's basic security guarantees

May 26, 2021 11:11 GMT  ·  By

A Google team of security researchers demonstrated another form of the Rowhammer attack that circumvents all known safeguards to modify data stored in memory.

The new Rowhammer approach, dubbed Half-Double, is based on weak coupling between two rows of memory that are not directly neighboring but are one row apart.

Researchers noted, "Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate".

"This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable".

What is a Rowhammer attack?

Rowhammer attacks, like speculative-execution attacks, undermine the underlying hardware's basic security guarantees. Rowhammer is a class of DRAM vulnerabilities, discovered in 2014, in which repeated accesses to one row of memory (the aggressor) generate an electrical disturbance strong enough to flip bits stored in a neighboring row (the victim), allowing untrusted code to escape its sandbox and seize control of the system.

While DRAM vendors have deployed countermeasures such as Target Row Refresh (TRR) against these attacks, the mitigations only cover the two immediate neighbors of an aggressor row, leaving rows that sit two positions away unprotected.

Because of this gap in the protections, the TRR defenses in DDR4 memory could be circumvented by new Rowhammer variants such as TRRespass and SMASH.

The distance-two assisted Rowhammer, also known as Half-Double, has recently joined that list. Given three successive rows A, B, and C, the researchers noted, they were able to attack C by directing an exceptionally large number of accesses to A and only a handful (dozens) to B. In this scenario A is the far aggressor, B the near aggressor, and C the victim.
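To make the coverage gap concrete, the following toy model (an added example, not code from Google's researchers or the article) compares a threshold-based TRR that refreshes rows within distance 1 of a heavily accessed row against one with refresh radius 2, using a constructed Half-Double access pattern on rows A, B, C. The TRR behaviour, threshold and row numbers are simplifying assumptions for illustration only, not any vendor's design.

```python
"""Toy model of Target Row Refresh (TRR) coverage for the Half-Double pattern.

Assumed TRR behaviour (simplified, not a vendor design): any row whose
access count reaches a threshold is treated as an aggressor, and every row
within `radius` positions of it is refreshed. The question the model answers
is whether the victim row C ever gets refreshed.
"""
from collections import Counter

# Constructed rows: A = far aggressor, B = near aggressor, C = victim.
FAR_AGGRESSOR, NEAR_AGGRESSOR, VICTIM = 100, 101, 102

# Half-Double as described above: A is hammered heavily, B only a few dozen
# times, so B never looks like an aggressor to a counter-based TRR.
HALF_DOUBLE_ACCESSES = [FAR_AGGRESSOR] * 50_000 + [NEAR_AGGRESSOR] * 40

# Classic single-sided Rowhammer for comparison: only the adjacent row B is
# hammered, so distance-1 TRR refreshes both of its neighbours (A and C).
CLASSIC_ACCESSES = [NEAR_AGGRESSOR] * 50_000


def trr_refreshed_rows(accesses, threshold=10_000, radius=1):
    """Return the set of rows a threshold-based TRR would refresh."""
    counts = Counter(accesses)
    hot_rows = {row for row, n in counts.items() if n >= threshold}
    refreshed = set()
    for row in hot_rows:
        for d in range(1, radius + 1):
            refreshed.update({row - d, row + d})
    return refreshed


def victim_protected(accesses, victim, radius=1):
    """True if a TRR with the given refresh radius covers the victim row."""
    return victim in trr_refreshed_rows(accesses, radius=radius)


if __name__ == "__main__":
    for name, pattern in (("classic", CLASSIC_ACCESSES),
                          ("half-double", HALF_DOUBLE_ACCESSES)):
        for radius in (1, 2):
            covered = victim_protected(pattern, VICTIM, radius=radius)
            print(f"{name:12} radius={radius} victim refreshed: {covered}")
```

Distance-1 TRR covers the victim of the classic pattern but not of the Half-Double pattern, whereas a refresh radius of 2 covers both, which is the blind spot the article describes.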

Google stated that it is now collaborating with the Joint Electron Device Engineering Council (JEDEC), an independent standards body and trade organization for semiconductor technology, as well as other industry partners, to identify viable solutions to Rowhammer vulnerabilities.