<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Using Rowhammer bitflips to root Android phones is now a thing &#124; Ars Technica</title>
	<atom:link href="http://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Mon, 27 Apr 2026 22:32:14 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1807613</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 03 Jul 2023 12:06:38 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1807613</guid>
		<description><![CDATA[https://hackaday.com/2023/06/30/this-week-in-securitycamaro-dragon-rowpress-and-repojacking/

ROWPRESS
It may sound like an exercise, but RowPress is actually the latest DRAM attack, in the same vein as RowHammer. Where RowHammer repeatedly opened and closed a DRAM’s activation line to induce errors on a neighboring line, RowPress simply keeps the activation line opened longer than normal. And it works better than RowHammer, surprisingly. And because it’s a novel technique, it sidesteps a lot of the protections built for Rowhammer and other techniques.

One of the interesting observations is that the temperature of system memory makes a difference. Once RAM is over 80 degrees Celsius, most of the RAM tested became significantly more vulnerable to RowPress memory corruption. 

https://dl.acm.org/doi/abs/10.1145/3579371.3589063]]></description>
		<content:encoded><![CDATA[<p><a href="https://hackaday.com/2023/06/30/this-week-in-securitycamaro-dragon-rowpress-and-repojacking/" rel="nofollow">https://hackaday.com/2023/06/30/this-week-in-securitycamaro-dragon-rowpress-and-repojacking/</a></p>
<p>ROWPRESS<br />
It may sound like an exercise, but RowPress is actually the latest DRAM attack, in the same vein as RowHammer. Where RowHammer repeatedly opened and closed a DRAM’s activation line to induce errors on a neighboring line, RowPress simply keeps the activation line opened longer than normal. And it works better than RowHammer, surprisingly. And because it’s a novel technique, it sidesteps a lot of the protections built for Rowhammer and other techniques.</p>
<p>One of the interesting observations is that the temperature of system memory makes a difference. Once RAM is over 80 degrees Celsius, most of the RAM tested became significantly more vulnerable to RowPress memory corruption. </p>
<p><a href="https://dl.acm.org/doi/abs/10.1145/3579371.3589063" rel="nofollow">https://dl.acm.org/doi/abs/10.1145/3579371.3589063</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1739831</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 17 Nov 2021 08:42:37 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1739831</guid>
		<description><![CDATA[Dan Goodin / Ars Technica:
Researchers say they used a new Rowhammer exploit to successfully flip bits on all 40 PC-DDR4 DRAM devices they tested, defeating recent hardware mitigations — Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits. — Rowhammer exploits that allow unprivileged attackers …

DDR4 memory protections are broken wide open by new Rowhammer technique
Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits.
https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/

Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.

Rowhammer attacks work by accessing—or hammering—physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things.

All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows—meaning those that cause bitflips in nearby “victim” rows—are accessed the same number of times.

Bypassing all in-DRAM mitigations

Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work from the same researchers.

“We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”

The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to.

Blacksmith
https://comsec.ethz.ch/research/dram/blacksmith/

We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScript, on smartphones, across VMs in the cloud, and even over the network.

Rowhammer is a vulnerability caused by leaking charges in DRAM cells that enables attackers to induce bit flips in DRAM memory. To stop Rowhammer, DRAM implements a mitigation known as Target Row Refresh (TRR). Our previous work showed that the new n-sided patterns can still trigger bit flips on 31% of today’s PC-DDR4 devices. We propose a new highly effective approach for crafting non-uniform and frequency-based Rowhammer access patterns that can bypass TRR from standard PCs. We implement these patterns in our Rowhammer fuzzer named Blacksmith and show that it can bypass TRR on 100% of the PC-DDR4 DRAM devices in our test pool. Further, our work provides new insights on the deployed mitigations.

How bad is it?

For our evaluation, we considered a test pool of 40 DDR4 devices covering the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its capability to find effective patterns. Thereafter, we swept the best pattern (based on the number of total bit flips triggered) over a contiguous memory area of 256 MB and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices of manufacturers A and D.

We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to pivot it to an attacker-controlled page table page, an attack on the RSA-2048 public key that allows recovering the associated private key used to authenticate to an SSH host, and an attack on the password verification logic of the sudoers.so library that enables gaining root privileges.

You can see a demo of our Blacksmith fuzzer below, showing how easy and quick it is to find bit flips on TRR-enabled DDR4 devices.

BLACKSMITH: Scalable Rowhammering in the Frequency Domain
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf]]></description>
		<content:encoded><![CDATA[<p>Dan Goodin / Ars Technica:<br />
Researchers say they used a new Rowhammer exploit to successfully flip bits on all 40 PC-DDR4 DRAM devices they tested, defeating recent hardware mitigations — Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits. — Rowhammer exploits that allow unprivileged attackers …</p>
<p>DDR4 memory protections are broken wide open by new Rowhammer technique<br />
Researchers build “fuzzer” that supercharges potentially serious bitflipping exploits.<br />
<a href="https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/" rel="nofollow">https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/</a></p>
<p>Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.</p>
<p>Rowhammer attacks work by accessing—or hammering—physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things.</p>
<p>All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows—meaning those that cause bitflips in nearby “victim” rows—are accessed the same number of times.</p>
<p>Bypassing all in-DRAM mitigations</p>
<p>Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work from the same researchers.</p>
<p>“We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,” Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. “This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come.”</p>
<p>The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to.</p>
<p>Blacksmith<br />
<a href="https://comsec.ethz.ch/research/dram/blacksmith/" rel="nofollow">https://comsec.ethz.ch/research/dram/blacksmith/</a></p>
<p>We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScript, on smartphones, across VMs in the cloud, and even over the network.</p>
<p>Rowhammer is a vulnerability caused by leaking charges in DRAM cells that enables attackers to induce bit flips in DRAM memory. To stop Rowhammer, DRAM implements a mitigation known as Target Row Refresh (TRR). Our previous work showed that the new n-sided patterns can still trigger bit flips on 31% of today’s PC-DDR4 devices. We propose a new highly effective approach for crafting non-uniform and frequency-based Rowhammer access patterns that can bypass TRR from standard PCs. We implement these patterns in our Rowhammer fuzzer named Blacksmith and show that it can bypass TRR on 100% of the PC-DDR4 DRAM devices in our test pool. Further, our work provides new insights on the deployed mitigations.</p>
<p>How bad is it?</p>
<p>For our evaluation, we considered a test pool of 40 DDR4 devices covering the three major manufacturers (Samsung, Micron, SK Hynix), including 4 devices that did not report their manufacturer. We let our Blacksmith fuzzer run for 12 hours to assess its capability to find effective patterns. Thereafter, we swept the best pattern (based on the number of total bit flips triggered) over a contiguous memory area of 256 MB and report the number of bit flips. The results in Table 1 show that our Blacksmith fuzzer is able to trigger bit flips on all 40 DRAM devices with a large number of bit flips, especially on devices of manufacturers A and D.</p>
<p>We also evaluated the exploitability of these bit flips based on three attacks from previous work: an attack targeting the page frame number of a page table entry (PTE) to pivot it to an attacker-controlled page table page, an attack on the RSA-2048 public key that allows recovering the associated private key used to authenticate to an SSH host, and an attack on the password verification logic of the sudoers.so library that enables gaining root privileges.</p>
<p>You can see a demo of our Blacksmith fuzzer below, showing how easy and quick it is to find bit flips on TRR-enabled DDR4 devices.</p>
<p>BLACKSMITH: Scalable Rowhammering in the Frequency Domain<br />
<a href="https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf" rel="nofollow">https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1739830</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 17 Nov 2021 08:42:21 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1739830</guid>
		<description><![CDATA[Blacksmith: Rowhammer Fuzzer Bypasses Existing Protections
https://www.securityweek.com/blacksmith-rowhammer-fuzzer-bypasses-existing-protections

A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips.

The Rowhammer issue, which has been around for roughly one decade, exists because cells on DRAM chips are smaller and closer to each other, making it difficult to prevent electrical interaction between them. Thus, by repeatedly accessing data in a row of memory, data in nearby rows may become corrupted.

To mitigate the flaw, Target Row Refresh (TRR) was introduced in DRAM but a group of researchers managed to bypass the protection using “non-uniform and frequency-based Rowhammer access patterns.”

All Rowhammer access patterns published to date exploit rows uniformly, and TRR exploits this behavior to identify ‘aggressor’ rows and refresh nearby ‘victim’ rows to prevent failure.

However, as smaller technology nodes are used, the underlying DRAM technologies are increasingly vulnerable, resulting in fewer accesses being needed to trigger bit flips in DRAM memory. Thus, non-uniform access patterns can be used to bypass TRR, the researchers said in a paper documenting the work.

The researchers conducted experiments on 40 DDR4 DIMMs (from Samsung, Micron, and SK Hynix) to explore the possibility of bypassing mitigations through “accessing aggressor rows in non-uniform access patterns.”

BLACKSMITH: Scalable Rowhammering in the Frequency Domain
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf]]></description>
		<content:encoded><![CDATA[<p>Blacksmith: Rowhammer Fuzzer Bypasses Existing Protections<br />
<a href="https://www.securityweek.com/blacksmith-rowhammer-fuzzer-bypasses-existing-protections" rel="nofollow">https://www.securityweek.com/blacksmith-rowhammer-fuzzer-bypasses-existing-protections</a></p>
<p>A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips.</p>
<p>The Rowhammer issue, which has been around for roughly one decade, exists because cells on DRAM chips are smaller and closer to each other, making it difficult to prevent electrical interaction between them. Thus, by repeatedly accessing data in a row of memory, data in nearby rows may become corrupted.</p>
<p>To mitigate the flaw, Target Row Refresh (TRR) was introduced in DRAM but a group of researchers managed to bypass the protection using “non-uniform and frequency-based Rowhammer access patterns.”</p>
<p>All Rowhammer access patterns published to date exploit rows uniformly, and TRR exploits this behavior to identify ‘aggressor’ rows and refresh nearby ‘victim’ rows to prevent failure.</p>
<p>However, as smaller technology nodes are used, the underlying DRAM technologies are increasingly vulnerable, resulting in fewer accesses being needed to trigger bit flips in DRAM memory. Thus, non-uniform access patterns can be used to bypass TRR, the researchers said in a paper documenting the work.</p>
<p>The researchers conducted experiments on 40 DDR4 DIMMs (from Samsung, Micron, and SK Hynix) to explore the possibility of bypassing mitigations through “accessing aggressor rows in non-uniform access patterns.”</p>
<p>BLACKSMITH: Scalable Rowhammering in the Frequency Domain<br />
<a href="https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf" rel="nofollow">https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1714624</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 31 May 2021 07:33:33 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1714624</guid>
		<description><![CDATA[Lily Hay Newman / Wired: 	
Google researchers detail “Half-Double”, a new Rowhammer attack technique they say will be difficult to mitigate as future generations of DRAM chips get smaller

As Chips Shrink, Rowhammer Attacks Get Harder to Stop
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.
https://www.wired.com/story/rowhammer-half-double-attack-bit-flips/

In 2015, researchers at Google made a troubling discovery: The data theft technique known as “Rowhammer,” previously thought of as a theoretical concern, could be exploited in real-world conditions. Now a different group of Google computer scientists have shown that the problem has only gotten worse, thanks in part to improvements in how chips are designed.

Rowhammer is a physical hacking technique that manipulates the electric charge in computer memory chips (known as DRAM) to corrupt or exfiltrate data. In an attack, hackers run the same program repeatedly on a &quot;row&quot; of DRAM transistors to &quot;hammer&quot; that row until it leaks electricity into the adjacent row. When done in a targeted way, that leakage can physically flip a bit in the next row of transistors from 1 to 0 or vice versa. By strategically flipping enough bits, an attacker can begin to manipulate the target system and gain a digital foothold. 

In the years since the original 2014 Rowhammer research, chipmakers have added mitigations that monitor adjacent rows for potentially suspicious behavior. But as chips continue to get smaller, the ripple effect that comes from hammering a given row could potentially flip bits two or more rows away.

Think of Gallagher smashing a watermelon. You can protect the front of the audience by giving them all plastic ponchos. But if he swings hard enough, and the crowd is packed in tight enough, the rind and pulp could make contact with faces two or three rows deep.

The researchers dubbed their attack “Half-Double,” and note that the technique wasn&#039;t practical on older generations of DRAM where transistor rows were slightly farther apart. As whatever&#039;s left of Moore&#039;s Law packs transistors ever more densely together, though, the risk of spillover in Rowhammer attacks is increasing.

“This is the result of miniaturization,” the Google researchers told WIRED in a written response to questions. “In our experiments with older DDR4 chips, this technique was not successful. We are releasing this research today in order to advance the understanding of this threat. We are hopeful that it will further discussions on mitigations that are long lasting and effective.”

Google disclosed its findings to the semiconductor engineering trade organization JEDEC, which has issued two stop-gap mitigations. And the researchers have been coordinating with other industry partners as well to raise awareness about the issue. But it will take time for chipmakers to fully understand the implications.

A full fix will also require rethinking how chips get designed, and would apply to future generations of DRAM. To go back to Moghimi&#039;s metaphor, it&#039;s easier to build a new apartment with thicker walls and more insulation than it is to retrofit an existing building.

Moghimi says that researchers already understood this potential risk in theory, but that the Google findings, once again, demonstrate a plausible, real-world attack. “It shows that it&#039;s more practical than a lot of people think,” he says.

This isn&#039;t the first time Rowhammer attacks have seemed to be resolved and then roared back. Researchers at Vrije Universiteit Amsterdam have repeatedly shown in the last 18 months that current chip defenses against more traditional Rowhammer attacks can be defeated. But the Google findings carry an additional warning that advances in the size and efficiency of memory chips potentially come with new risks from Rowhammer.


NEAR-TERM DRAM LEVEL ROWHAMMER MITIGATION
https://www.jedec.org/standards-documents/docs/jep300-1

SYSTEM LEVEL ROWHAMMER MITIGATION
https://www.jedec.org/standards-documents/docs/jep301-1]]></description>
		<content:encoded><![CDATA[<p>Lily Hay Newman / Wired:<br />
Google researchers detail “Half-Double”, a new Rowhammer attack technique they say will be difficult to mitigate as future generations of DRAM chips get smaller</p>
<p>As Chips Shrink, Rowhammer Attacks Get Harder to Stop<br />
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.<br />
<a href="https://www.wired.com/story/rowhammer-half-double-attack-bit-flips/" rel="nofollow">https://www.wired.com/story/rowhammer-half-double-attack-bit-flips/</a></p>
<p>In 2015, researchers at Google made a troubling discovery: The data theft technique known as “Rowhammer,” previously thought of as a theoretical concern, could be exploited in real-world conditions. Now a different group of Google computer scientists have shown that the problem has only gotten worse, thanks in part to improvements in how chips are designed.</p>
<p>Rowhammer is a physical hacking technique that manipulates the electric charge in computer memory chips (known as DRAM) to corrupt or exfiltrate data. In an attack, hackers run the same program repeatedly on a &#8220;row&#8221; of DRAM transistors to &#8220;hammer&#8221; that row until it leaks electricity into the adjacent row. When done in a targeted way, that leakage can physically flip a bit in the next row of transistors from 1 to 0 or vice versa. By strategically flipping enough bits, an attacker can begin to manipulate the target system and gain a digital foothold. </p>
<p>In the years since the original 2014 Rowhammer research, chipmakers have added mitigations that monitor adjacent rows for potentially suspicious behavior. But as chips continue to get smaller, the ripple effect that comes from hammering a given row could potentially flip bits two or more rows away.</p>
<p>Think of Gallagher smashing a watermelon. You can protect the front of the audience by giving them all plastic ponchos. But if he swings hard enough, and the crowd is packed in tight enough, the rind and pulp could make contact with faces two or three rows deep.</p>
<p>The researchers dubbed their attack “Half-Double,” and note that the technique wasn&#8217;t practical on older generations of DRAM where transistor rows were slightly farther apart. As whatever&#8217;s left of Moore&#8217;s Law packs transistors ever more densely together, though, the risk of spillover in Rowhammer attacks is increasing.</p>
<p>“This is the result of miniaturization,” the Google researchers told WIRED in a written response to questions. “In our experiments with older DDR4 chips, this technique was not successful. We are releasing this research today in order to advance the understanding of this threat. We are hopeful that it will further discussions on mitigations that are long lasting and effective.”</p>
<p>Google disclosed its findings to the semiconductor engineering trade organization JEDEC, which has issued two stop-gap mitigations. And the researchers have been coordinating with other industry partners as well to raise awareness about the issue. But it will take time for chipmakers to fully understand the implications.</p>
<p>A full fix will also require rethinking how chips get designed, and would apply to future generations of DRAM. To go back to Moghimi&#8217;s metaphor, it&#8217;s easier to build a new apartment with thicker walls and more insulation than it is to retrofit an existing building.</p>
<p>Moghimi says that researchers already understood this potential risk in theory, but that the Google findings, once again, demonstrate a plausible, real-world attack. “It shows that it&#8217;s more practical than a lot of people think,” he says.</p>
<p>This isn&#8217;t the first time Rowhammer attacks have seemed to be resolved and then roared back. Researchers at Vrije Universiteit Amsterdam have repeatedly shown in the last 18 months that current chip defenses against more traditional Rowhammer attacks can be defeated. But the Google findings carry an additional warning that advances in the size and efficiency of memory chips potentially come with new risks from Rowhammer.</p>
<p>NEAR-TERM DRAM LEVEL ROWHAMMER MITIGATION<br />
<a href="https://www.jedec.org/standards-documents/docs/jep300-1" rel="nofollow">https://www.jedec.org/standards-documents/docs/jep300-1</a></p>
<p>SYSTEM LEVEL ROWHAMMER MITIGATION<br />
<a href="https://www.jedec.org/standards-documents/docs/jep301-1" rel="nofollow">https://www.jedec.org/standards-documents/docs/jep301-1</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1714038</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 27 May 2021 12:25:41 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1714038</guid>
		<description><![CDATA[https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf]]></description>
		<content:encoded><![CDATA[<p><a href="https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf" rel="nofollow">https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1713165</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 26 May 2021 07:26:10 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1713165</guid>
		<description><![CDATA[New hammering technique for DRAM Rowhammer bug https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html
Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.]]></description>
		<content:encoded><![CDATA[<p>New hammering technique for DRAM Rowhammer bug <a href="https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html" rel="nofollow">https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html</a><br />
Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1708984</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Sat, 24 Apr 2021 17:33:28 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1708984</guid>
		<description><![CDATA[New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.

Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years.

https://www.vusec.net/projects/smash/]]></description>
		<content:encoded><![CDATA[<p>New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks<br />
<a href="https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html" rel="nofollow">https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html</a></p>
<p>Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.</p>
<p>Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years.</p>
<p><a href="https://www.vusec.net/projects/smash/" rel="nofollow">https://www.vusec.net/projects/smash/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1703715</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 16 Feb 2021 10:00:54 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1703715</guid>
		<description><![CDATA[DRAM’s Persistent Threat To Chip Security
https://semiengineering.com/drams-peristent-threat-to-chip-security/

Rowhammer attack on memory could create significant issues for systems; possible solution emerges.]]></description>
		<content:encoded><![CDATA[<p>DRAM’s Persistent Threat To Chip Security<br />
<a href="https://semiengineering.com/drams-peristent-threat-to-chip-security/" rel="nofollow">https://semiengineering.com/drams-peristent-threat-to-chip-security/</a></p>
<p>Rowhammer attack on memory could create significant issues for systems; possible solution emerges.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1672745</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 12 Mar 2020 08:15:03 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1672745</guid>
		<description><![CDATA[DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes
https://www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/
Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. The new findings show that memory bit flipping works on many devices, including popular smartphones from Google, Samsung, and OnePlus.]]></description>
		<content:encoded><![CDATA[<p>DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes<br />
<a href="https://www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/" rel="nofollow">https://www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/</a><br />
Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. The new findings show that memory bit flipping works on many devices, including popular smartphones from Google, Samsung, and OnePlus.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2016/10/24/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing-ars-technica/comment-page-1/#comment-1622950</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Sun, 27 Jan 2019 10:10:00 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=48440#comment-1622950</guid>
		<description><![CDATA[Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges
https://www.blackhat.com/asia-19/briefings/schedule/index.html#winter-is-coming-back-defeating-the-most-advanced-rowhammer-defenses-to-gain-root-and-kernel-privileges-13524]]></description>
		<content:encoded><![CDATA[<p>Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges<br />
<a href="https://www.blackhat.com/asia-19/briefings/schedule/index.html#winter-is-coming-back-defeating-the-most-advanced-rowhammer-defenses-to-gain-root-and-kernel-privileges-13524" rel="nofollow">https://www.blackhat.com/asia-19/briefings/schedule/index.html#winter-is-coming-back-defeating-the-most-advanced-rowhammer-defenses-to-gain-root-and-kernel-privileges-13524</a></p>
]]></content:encoded>
	</item>
</channel>
</rss>
