Researchers from ETH Zurich and Vrije University revealed yesterday that DDR4 and LPDDR4 memory is still vulnerable to Rowhammer attacks despite the Target Row Refresh (TRR) mitigations that were implemented to defend against them.
Rowhammer attacks, which were discovered in 2014, repeatedly access a single row of memory cells to cause bit flips in adjacent rows. Attackers could theoretically use Rowhammer to corrupt, alter or steal data from memory via these bit flips.
The memory industry responded by adopting TRR mitigations in DDR4 memory. But the researchers discovered that it's possible to work around those mitigations in some memory products using a fuzzing tool they developed called TRRespass.
TRRespass "repeatedly selects random different rows at various locations in DRAM for hammering," the researchers said, to determine if any of them are vulnerable to Rowhammer attacks. From there, it's simply a matter of conducting the attack.
The researchers said they used TRRespass to test "the three major memory vendors (comprising more than 99% of the market) using 42 DIMMs." The utility found bit flips (which indicate vulnerability to Rowhammer attacks) on 12 of the DIMMs.
That implies 30 were okay, but the team said "this does not mean that they are safe," because "finding the right hammering pattern could be just a matter of time for our fuzzer or we may need additional parameters to improve the fuzzing strategy."
Unfortunately, these vulnerabilities exist on the hardware level; they can't simply be patched like a security flaw in software.
More information is available via the researchers' paper (PDF) as well as the GitHub repository for TRRespass.