In 2015, Researchers at Google made a troubling discovery: The data theft technique known as "Rowhammer," previously thought of as a theoretical concern, could be exploited in real-world conditions. Now a different group of Google computer scientists have shown that the problem has only gotten worse, thanks in part to improvements in how chips are designed.
Rowhammer is a physical hacking technique that manipulates the electric charge in computer memory chips (known as DRAM) to corrupt or exfiltrate data. In an attack, hackers run the same program repeatedly on a "row" of DRAM transistors to "hammer" that row until it leaks electricity into the adjacent row. When done in a targeted way, that leakage can physically flip a bit in the next row of transistors from 1 to 0 or vice versa. By strategically flipping enough bits, an attacker can begin to manipulate the target system and gain a digital foothold.
In the years since the original 2014 Rowhammer research, chipmakers have added mitigations that monitor adjacent rows for potentially suspicious behavior. But as chips continue to get smaller, the ripple effect that comes from hammering a given row could potentially flip bits two or more rows away. Think of Gallagher smashing a watermelon. You can protect the front of the audience by giving them all plastic ponchos. But if he swings hard enough, and the crowd is packed in tight enough, the rind and pulp could make contact with faces two or three rows deep.
The researchers dubbed their attack "Half-Double," and note that the technique wasn't practical on older generations of DRAM where transistor rows were slightly farther apart. As whatever's left of Moore's Law packs transistors ever more densely together, though, the risk of spillover in Rowhammer attacks is increasing.
View Full Article