The data theft technique called "Rowhammer" has worried and fascinated the cyber security community, because it combines digital and physical hacking in very exciting and incalculable ways.
From the discovery of the attack until today, researchers have been studying it and trying to determine the targets it can successfully attack. After a first investigation, their findings are very worrying.
They discovered that the range of a Rowhammer attack could be much larger than they expected, as it could affect servers to routers as well as hardware that until now we considered safe.
Below we will try to explain the attack as simply as possible.
Rowhammer attacks are very technical.
They involve a strategic execution of a program over and over again in a "series" of transistors on a computer's memory chip. The idea is to "forge" this series, until electricity begins to leak into the next series.
This leak can cause problems at the destination line and cause energy reversals from one location to another, slightly altering the data stored in memory. A skilled Rowhammer intruder can then start exploiting these tiny data changes to gain access to the system.
Researchers initially believed that a Rowhammer attack affected the standard random access memory used on many computers. But it turned out that the Rowhammer attack threatens memory on Android phones as well. On Wednesday, however, researchers from the VUSec team at the Vrije Universiteit in Amsterdam released details of a next-generation Rowhammer attack that could target what is known as "error-correcting code memory."
ECC memory was thought to complicate Rowhammer attacks because it had self-correction mechanisms that deal with the data corruption caused by the attack. It is worth mentioning that ECC memory is used in systems that need exceptional reliability and can not tolerate inaccuracies, such as systems for financial platforms.
The researchers note that the ECC memory could not stop these attacks.
Those interested in learning more about the attack can read it paper published by the researchers.