Comments on: Dynamic random flip memory https://www.epanorama.net/blog/2021/11/17/dynamic-random-flip-memory/ All about electronics and circuit design Sat, 04 Apr 2026 11:32:29 +0000 hourly 1 http://wordpress.org/?v=3.9.14 By: Tomi Engdahl https://www.epanorama.net/blog/2021/11/17/dynamic-random-flip-memory/comment-page-1/#comment-1816025 Fri, 20 Oct 2023 07:28:19 +0000 https://www.epanorama.net/blog/?p=190099#comment-1816025 There’s a new way to flip bits in DRAM, and it works against the latest defenses
https://arstechnica.com/security/2023/10/theres-a-new-way-to-flip-bits-in-dram-and-it-works-against-the-latest-defenses/
New technique produces lots of bitflips and could one day help form an attack.
In 2015, researchers reported a surprising discovery that stoked industry-wide security concerns—an attack called RowHammer that could corrupt, modify, or steal sensitive data when a simple user-level application repeatedly accessed certain regions of DDR memory chips. In the coming years, memory chipmakers scrambled to develop defenses that prevented the attack, mainly by limiting the number of times programs could open and close the targeted chip regions in a given time.
Recently, researchers devised a new method for creating the same types of RowHammer-induced bitflips even on a newer generation of chips, known as DDR4, that have the RowHammer mitigations built into them. Known as RowPress, the new attack works not by “hammering” carefully selected regions repeatedly, but instead by leaving them open for longer periods than normal. Bitflips refer to the phenomenon of bits represented as ones change to zeros and vice versa.
Further amplifying the vulnerability of DDR4 chips to read-disturbance attacks—the generic term for inducing bitflips through abnormal accesses (i.e., activations) to memory chips—RowPress bitflips can be enhanced by combining them with RowHammer accesses. Curiously, raising the temperature of the chip also intensifies the effect.
“We demonstrate a proof of concept RowPress program that can cause bitflips in a real system that already employs protections against RowHammer,” Onur Mutlu, a professor at ETH Zürich and a co-author of a recently published paper titled RowPress: Amplifying Read Disturbance in Modern DRAM Chips, wrote in an email. “Note that this is not in itself an attack. It simply shows that bitflips are possible and plenty, which can easily form the basis of an attack. As many prior works in security have shown, once you can induce a bitflip, you can use that bitflip for various attacks.”
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf
Memory isolation is critical for system reliability, security, and safety. Unfortunately, read disturbance can break memory isolation in modern DRAM chips. For example, RowHammer is a well-studied read-disturb phenomenon where repeatedly opening and closing (i.e., hammering) a DRAM row many times causes bitflips in physi cally nearby rows.
This paper experimentally demonstrates and analyzes another widespread read-disturb phenomenon, RowPress, in real DDR4 DRAM chips. RowPress breaks memory isolation by keeping a DRAM row open for a long period of time, which disturbs physi cally nearby rows enough to cause bitflips. We show that RowPress amplifies DRAM’s vulnerability to read-disturb attacks by signifi cantly reducing the number of row activations needed to induce a bitflip by one to two orders of magnitude under realistic conditions

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2021/11/17/dynamic-random-flip-memory/comment-page-1/#comment-1741735 Thu, 25 Nov 2021 12:08:20 +0000 https://www.epanorama.net/blog/?p=190099#comment-1741735 BLACKSMITH: Scalable Rowhammering in the Frequency Domain
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
Blacksmith Rowhammer Fuzzer
https://github.com/comsec-group/blacksmith
This repository provides the code accompanying the paper Blacksmith: Scalable Rowhammering in the Frequency Domain that is to appear in the IEEE conference Security & Privacy (S&P) 2022.
This is the implementation of our Blacksmith Rowhammer fuzzer. This fuzzer crafts novel non-uniform Rowhammer access patterns based on the concepts of frequency, phase, and amplitude. Our evaluation on 40 DIMMs showed that it is able to bypass recent Target Row Refresh (TRR) in-DRAM mitigations effectively and as such can could trigger bit flips on all 40 tested DIMMs.

]]> By: jigsaw puzzle https://www.epanorama.net/blog/2021/11/17/dynamic-random-flip-memory/comment-page-1/#comment-1741178 Mon, 22 Nov 2021 02:30:53 +0000 https://www.epanorama.net/blog/?p=190099#comment-1741178 Many researchers have demonstrated that repeatedly accessing specific storage locations in memory can cause bit flips – that is, bits in adjacent rows are changed from 0 to 1 and vice versa
https://jigsawpuzzle.io

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2021/11/17/dynamic-random-flip-memory/comment-page-1/#comment-1740707 Sat, 20 Nov 2021 15:50:01 +0000 https://www.epanorama.net/blog/?p=190099#comment-1740707 https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2021/11/17/dynamic-random-flip-memory/comment-page-1/#comment-1740628 Sat, 20 Nov 2021 12:45:08 +0000 https://www.epanorama.net/blog/?p=190099#comment-1740628 https://thehackernews.com/2021/11/new-blacksmith-exploit-bypasses-current.html

]]>