Security researchers have found new methodology that could make Rowhammer attacks easier for hackers to execute. New ways of triggering the process seem to be much quicker and more reliable than previous routines, which could lead to an increase in the use of this burgeoning exploit.
Rowhammer works by taking advantage of a physical weakness in dynamic random-access memory, or DRAM, which can cause memory cells to leak their charges and affect the content of nearby rows. Known among researchers as “bitflipping,” it’s an unintentional side effect of recent efforts to make memory more compact. It wasn’t long, however, before ways of prompting the process on purpose were discovered.
Previous research uncovered methods that were unreliable or prohibitively difficult. One process used Javascript for a successful result, but that approach was limited to certain platforms, was slow to complete its work, and required the targeted user to have made certain tweaks to the default settings on their system.
Now, a new report suggests that code already present on the target system that contains non-temporal instructions could be used to facilitate bitflipping, according to a report from Ars Technica. Because non-temporal instructions store data on a DRAM chip rather than the cache, they provide a much more direct route to the target.
Potentially, a malicious Web app could exploit non-temporal instructions to remove the security constraints being put in place by a Web browser. Alternatively, malicious files fed into a video player or another app could seize upon instructions used by the software to make an attack on the system’s DRAM.
This method demonstrates the continued importance of security work — it’s thought that Rowhammer might be a couple of years away from being practical, which gives developers some time to combat its effects. However, the fact that these attacks utilize a physical trait of DRAM memory might make them rather difficult to counteract.
