The technique theftA data breach called “Rowhammer” has both alarmed and fascinated the cyber security community because it combines digital and physical hacking in ways that are very exciting and unpredictable.
From the discovery of the attack until today, researchers have been studying it and trying to determine the targets it can successfully attack. After a first investigation, their findings are very worrying.
They discovered that the range of a Rowhammer attack can be much greater than they thought, as it can affect from servers up to routers but also hardware that until now we considered safe.
Below we will try to explain the attack as simply as possible.
Rowhammer attacks are very technical.
They involve a strategic execution of a program over and over again in a "series" of transistors on a computer's memory chip. The idea is to "forge" this series, until electricity begins to leak into the next series.
This leakage can cause problems on the destination line and cause reversals energy από την μια θέση στην άλλη, αλλάζοντας ελαφρώς τα δεδομένα που είναι αποθηκευμένα στη μνήμη. Ένας εξειδικευμένος εισβολέας Rowhammer μπορεί στη συνέχεια να αρχίσει να εκμεταλλεύεται αυτές τις μικροσκοπικές αλλαγές δεδομένων για να αποκτήσει πρόσβαση στο σύστημα.
Initially researchers believed that a Rowhammer attack affected the standard random access memory used in many computers. But it turned out that the Rowhammer attack threatens the memory of Android phones as well. On Wednesday, however, her investigators teams VUSec from Vrije Universiteit Amsterdam have published details of a next-generation Rowhammer attack that can target what is known as error-correcting code memory.
ECC memory was thought to complicate Rowhammer attacks because it had self-correction mechanisms that deal with the data corruption caused by the attack. It is worth mentioning that ECC memory is used in systems that need exceptional reliability and can not tolerate inaccuracies, such as systems for financial platforms.
The researchers note that the ECC memory could not stop these attacks.
Those interested in learning more about the attack can read it paper published by the researchers.
_____________________