New Variant of Rowhammer Attack Discovered
Google security researchers have revealed that another variant of the Rowhammer attack is currently existing and is bypassing all current defenses in order to tamper with stored data in memory.
Named as the “Half-Double”, this new variant is discovered to possess a technique that hinges on the weak coupling between two memory rows that are not adjacent to each other but one row removed. According to the researchers, “This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.”
Rowhammer attacks refer to a class of DRAM vulnerabilities where repeated access to a memory, known as the aggressor, can cause an electrical disturbance huge enough to flip bits stored in an adjacent row, referred to as victim. This incident allows untrusted code to escape its sandbox and take over control of the system.
Google said it’s currently working with the Joint Electron Device Engineering Council (JEDEC), an independent standardization body and semiconductor engineering trade organization, along with other industry partners, to identify possible solutions for Rowhammer exploits.