The technique theftA data breach called “Rowhammer” has both alarmed and fascinated the cyber security community because it combines digital and physical hacking in ways that are very exciting and unpredictable.
From the discovery of the attack until today, researchers have been studying it and trying to determine the targets it can successfully attack. After a first investigation, their findings are very worrying.
They discovered that the range of a Rowhammer attack could be much larger than they expected, as it could affect servers to routers as well as hardware that until now we considered safe.
Below we will try to explain the attack as simply as possible.
Rowhammer attacks are very technical.
They include a strategic execution of a preletterover and over again in a "row" of transistors in a computer's memory chip. The idea is to “forge” this row until electricity starts to flow into the next row.
This leak can cause problems at the destination line and cause energy reversals from one location to another, slightly altering the data stored in memory. A skilled Rowhammer intruder can then start exploiting these tiny data changes to gain access to the system.
Initially researchers believed that a Rowhammer attack affected the standard random access memory used in many computers. But it turned out that the Rowhammer attack threatens the memory of Android phones as well. On Wednesday, however, researchers from the VUSec team at Vrije Universiteit Amsterdam published details of a next-generation Rowhammer attack that can target what is known as "memory".code error-correcting code memory.
ECC memory was thought to complicate Rowhammer attacks because it had self-correction mechanisms that deal with the data corruption caused by the attack. It is worth mentioning that ECC memory is used in systems that need exceptional reliability and can not tolerate inaccuracies, such as systems for financial platforms.
The researchers note that the ECC memory could not stop these attacks.
Those interested in learning more about the attack can read it paper published by the researchers.
_____________________