Rowhammer Redux: The Menace of Memory Attacks Returns to Haunt Computing

Serious Security: Rowhammer returns to gaslight your computer

In a recent cybersecurity development, the phenomenon known as rowhammering has resurfaced as a potential threat. Rowhammering, named after the flickering gas lights in the play “Gas Light,” is an electronics problem that occurs when unwanted inside-the-system interactions affect neighboring memory cells. By repeatedly accessing and reading the same block of DRAM memory, rowhammering can induce unpredictable bit-flips in nearby memory cells, which can lead to memory errors and potentially be exploited for malicious purposes.

The Connection to Gaslighting

In the play “Gas Light,” a manipulative husband manipulates his wife by covertly returning to the scene of a murder to search for stolen jewels. The dimming of the gas lights caused by his actions serves as evidence of his criminality. Similarly, rowhammering relies on the unintended effects of accessing specific memory cells, which can inadvertently affect neighboring memory cells.

Rowhammer as an Attack Technique

Various cybersecurity attacks have been proposed based on rowhammering, although they can be challenging to execute due to the necessary control over memory layout, processor setup, and operating system configuration. However, recent research suggests that rowhammering could be used not for code execution exploits, but rather for “fingerprinting” computers to track and identify them. Each DRAM chip exhibits distinctive patterns of bit-flipping behavior when subjected to rowhammering attacks, potentially allowing for the identification of specific devices.

Rowhammering as a “Supercookie”

The researchers found that even DRAM chips from different vendors exhibited distinguishable patterns of bit-flips, enabling the recognition of specific hardware details that, coupled with other identifying factors, could differentiate a device from others on the internet. Essentially, rowhammering acts as an unconventional form of tracking and surveillance, akin to a “supercookie” that identifies a particular computer.

Protective Maintenance Makes Things Worse

Interestingly, attempts to ensure consistency in the rowhammering fingerprinting technique by removing and reseating memory modules actually made it easier to detect memory module matches. The researchers speculate that environmental factors, such as heat and humidity variations, might subtly alter the behavior of memory modules over time, potentially affecting the bit-flipping characteristics used for identification purposes. Paradoxically, memory modules that become worse over time at resisting bit-flip side-effects could also become more vulnerable to code execution exploits.

The Implications and Potential Threats

While rowhammering as a threat is concerning, the researchers’ ability to extract DRAM “supercookies” relies on getting users to run a carefully-coded application. Exploiting rowhammering to fingerprint a computer would typically require tricking the user into running malware and obtaining elevated privileges, making it a less likely avenue for attackers compared to other more reliable techniques. Additionally, the collection of rowhammering data needed for fingerprinting could potentially corrupt or crash the computer, attracting the user’s attention to the attack.

Recommended Actions

As of now, there are limited options for mitigating rowhammering since it is an inherent issue resulting from the size and proximity of capacitors in modern DRAM chips. However, individuals can protect themselves by following general cybersecurity best practices, such as:

• Refusing to run unknown software or execute suspicious code
• Avoiding granting unnecessary privileges to unfamiliar applications
• Regularly updating operating systems and software to minimize vulnerabilities
• Implementing strong password management practices and using multi-factor authentication
• Being cautious of phishing attempts and suspicious emails

Overall, while rowhammering presents a potential security concern, users who maintain good cybersecurity hygiene and exercise caution should be able to mitigate the risks associated with this threat.