The new Rowhammer approach shatters DDR4 memory safeguards

Rowhammer vulnerabilities, which allow unprivileged attackers to modify or destroy data stored in susceptible memory chips, are now available on almost all DDR4 modules thanks to a new technique that neutralises safeguards applied by chip makers to make their products more resistant to such assaults.

Rowhammer attacks operate by accessing — or pounding —physical rows inside susceptible chips millions of times per second in ways that cause bits in nearby rows to flip, resulting in 1s becoming 0s and vice versa. Researchers have demonstrated that the attacks may be used to provide untrusted programmes practically unlimited system capabilities, circumvent security sandboxes meant to prevent malicious code from accessing critical operating system resources, and root or infect Android devices, among other things.

Previous Rowhammer assaults smashed rows in consistent patterns, such as single-sided, double-sided, or n-sided. These “aggressor” rows—those that trigger bitflips in surrounding “victim” rows—are accessed the same way in all three scenarios.

 

High performance DDR4 computer memory RAM on motherboard isolated on white

All in-DRAM mitigations are bypassed.

A new Rowhammer approach was revealed in a study published on Monday. It employs non-uniform patterns with varying frequencies to access two or more aggressor rows. As a consequence, bitflips were seen in all 40 of the randomly selected DIMMs in a test pool, up from 13 out of 42 chips examined in prior work by the same researchers.

“We discovered that by generating specific memory access patterns, we can overcome all mitigations that are placed inside DRAM,” two of the study’s authors, Kaveh Razavi and Patrick Jattke, noted in an email. “According to our estimate, this raises the number of devices that might possibly be hacked with known methods to 80%.” Because of the hardware nature of these flaws, they cannot be addressed and will be with us for many years.”

The non-uniform patterns are antagonistic to Target Row Refresh. The mitigation, abbreviated as TRR, differs from vendor to vendor but usually tracks the number of times a row is viewed and recharges surrounding victim rows when there are evidence of abuse. The failure of this safeguard adds to the pressure on chipmakers to minimise a class of assaults that many experts felt were resistant to more modern varieties of memory chips.

Undocumented proprietary in-DRAM TRR is now the only barrier between Rowhammer and attackers abusing it in a variety of contexts such as browsers, mobile phones, the cloud, and even across the network. We illustrate how deviations from known consistent Rowhammer access patterns enable attackers to flip bits on all 40 freshly obtained DDR4 DIMMs, 2.6 more than the state of the art. The success of these new non-uniform patterns in avoiding TRR emphasises the need for a more robust TRR.

Serious ramifications

Previous Rowhammer demonstrations had devastating consequences. Researchers were able to acquire unfettered access to entire physical memory in one example by flipping bits in the page table entry that maps memory address locations. The same study showed how untrusted apps may achieve root privileges. In another example, Rowhammer was used by researchers to extract a 2048-bit encryption key from memory.

According to Razavi and Jattke, one of their students was able to replicate the crypto key assault using the new technique, and simulations indicate that the other attacks are also doable. Because of the substantial amount of engineering necessary, the researchers have not completely executed the prior assaults.

The non-uniform access patterns were produced by the researchers using a custom-built “fuzzer,” which is software that finds defects by automatically introducing faulty data in a semi-random way into a piece of hardware or software. Following that, the researchers

Gradually gaining speed

The new results have the greatest impact on PCs, laptops, and mobile phones that are gradually increasing speed. Cloud services such as AWS and Azure are typically immune to Rowhammer because they employ higher-end CPUs with an ECC protection, which stands for Error Correcting Code. The protection works by storing redundant control bits adjacent to the data bits inside the DIMMs using what are known as memory words. CPUs utilise these phrases to identify and correct flipped bits rapidly.

ECC was created to defend against a naturally occurring phenomena in which cosmic rays flip bits in newer DIMMs. ECC’s relevance expanded once Rowhammer emerged, when it was shown to be the most effective defensive. However, research released in 2018 revealed that, contrary to popular belief, ECC can also be avoided by reverse-engineering the mitigation in DDR3 DIMMs.

“DDR4 systems with ECC will most certainly be more vulnerable in the future.”

The researchers also noted their previous TRR study, which was previously disclosed, as well as their findings here, which suggest that operating chips in double refresh mode is a “poor approach that does not provide comprehensive protection” from Rowhammer. According to the study, a double refresh rate increases performance overhead and power consumption.

The image that emerges from this recent research is that Rowhammer still does not represent much of a real-world danger right now, but that the incremental gains in assaults achieved over the years may change that one day.

“In conclusion, our investigation indicates that the DRAM suppliers’ promises concerning Rowhammer safeguards are inaccurate and lead you astray,” the researchers stated. “All mitigations currently in place are insufficient to effectively guard against Rowhammer.” Our discovered patterns demonstrate that attackers may exploit systems more readily than previously thought.”