The technique theftdata logger called “Rowhammer” has both alarmed and fascinated the community security in cyberspace because it combines digital and physical hacking in ways that are very exciting and incalculable.
From discovery of attacks to this day, researchers are studying it and trying to identify the targets it can successfully attack. After a first investigation their findings are very disturbing.
They found that the range of a Rowhammer attack can be much larger than they expected, as it can affect from servers to router but also hardware that until now we considered safe.
Below we will try to explain the attack as simply as possible.
Rowhammer attacks are very technical.
They involve a strategic execution of a program over and over again in a "series" of transistors on a computer's memory chip. The idea is to "forge" this series, until electricity begins to leak into the next series.
This leak can cause problems at the destination line and cause energy reversals from one location to another, slightly altering the data stored in memory. A skilled Rowhammer intruder can then start exploiting these tiny data changes to gain access to the system.
Researchers initially believed that a Rowhammer attack affected the standard random access memory used on many computers. But it turned out that the Rowhammer attack threatens memory on Android phones as well. On Wednesday, however, researchers from the VUSec team at the Vrije Universiteit in Amsterdam released details of a next-generation Rowhammer attack that could target what is known as "error-correcting code memory."
ECC memory was thought to complicate Rowhammer attacks because it had self-correction mechanisms that deal with the data corruption caused by the attack. It is worth mentioning that ECC memory is used in systems that need exceptional reliability and can not tolerate inaccuracies, such as systems for financial platforms.
The researchers note that the ECC memory could not stop these attacks.
Those interested in learning more about the attack can read it paper published by the researchers.
_____________________