The Rowhammer attack reaches farther than previously assumed – in the truest sense of the word. Google researchers have found that persistent access to an address in main memory (RAM) influences not only the neighboring bits, but also the bits beyond them. This is made possible by the ever smaller physical structures in RAM chips.
The Google team fears that the “Half-Double” method could be used to manipulate even more distant rows in the chips. It has been found that adjacent rows can be used for non-linear pulse control.
This is how Rowhammer works
Rowhammer makes it possible to manipulate memory address ranges that are actually protected, using only normal user rights. The term “row hammer” comes from the fact that a large number of read accesses are “hammered” into memory cells in certain rows of the DRAM chip in order to trigger electrical interactions with other rows. This triggers bit flips in adjacent rows, which makes it possible to overcome the separation between user and kernel space.
This in turn could allow attackers (depending on the attack scenario and environment) to break out of sandboxes, execute their own code, access sensitive data, crash systems or even take them over completely. Since the first public description in 2014, security researchers have discovered several variants of the Rowhammer side-channel attack.
DDR4 facilitates half-double attacks
Instead of the DDR3 RAM that was common in 2014, DDR4 chips are now often used. They are faster and more energy efficient thanks to further shrinkage. When it comes to defending against Rowhammer, these tiny structures now turn out to be an Achilles’ heel.
Just like the original Rowhammer, the new attack variant called Half-Double relies on a large number of accesses to a memory address, but adds a few dozen more accesses to an adjacent address. With this, the Rowhammer effect can jump from the originally attacked row to the next but one row, as Google found in experiments.
“Half-Double takes advantage of an inherent property of the underlying silicon substrate”, writes the Google team who carried out the experiments. “That’s probably an indication that the electrical connections responsible for Rowhammer depend on the distance.” The effect would therefore become stronger and reach farther the smaller the chips become.
The researchers hope that their publication will encourage manufacturers and academia to work together to find a lasting remedy. Various defense methods have been devised in recent years, but they do not provide complete protection. “The challenge is great and the effects affect the entire industry,” emphasize the Google experts. “We call on all stakeholders (server, client, mobile, vehicle, Internet of Things) to participate in the development of a practical and effective solution that helps all of our users.”