Most of the security flaws and problems that get attention in the community are fundamentally software-based. It’s not impossible to find a hardware bug or errata to target, but such attacks are typically an order of magnitude more difficult and rely on your target having a specific make or model of CPU. A hardware attack against Haswell will most likely fail against an Ivy Bridge or AMD CPU, while an attack that succeeds against an ARM chip’s physical design won’t apply to AMD or Intel. There’s a new hardware attack making the rounds, dubbed Rowhammer, that directly targets DRAM — and it’s got the potential to be a major headache in the future.
Here’s how Rowhammer works: Recent research has shown that repeatedly accessing the same memory blocks over and over can cause a bit flip in other DRAM locations. These early attacks, however, required executing native code and relied on special instructions. A recent Chrome patch eliminated support for some of these instructions, which was thought to cause the problem.
How Rowhammer works
At a high level, DRAM is organized into matrices of rows and columns. Conceptually, the arrangement is similar to a spreadsheet, and the exact cell to be read or written is located by a combined column and row address. Because it takes electrical current to read and write data from memory, performing operations on DRAM cells necessarily requires an electrical current. That current can have an impact on adjacent cells, and the chance that a DRAM or write has an impact on a nearby cell has only increased as cells have transitioned to smaller geometries and become more tightly packed.
By rapidly activating an aggressor row, a hostile program can cause adjacent DRAM cells to flip their values (the victim rows). In the diagram above, the aggressor row is the purple row, while the two victim rows are shown in yellow. If the chips aren’t quickly refreshed by the system, a disturbance error occurs, which means the values in those particular DRAM cells changes. There’s also a double-sided Rowhammer attack, in which the two yellow rows are used to launch an attack against the purple row — this method has a considerably higher chance of success.
One of the standard methods of protecting an operating system is to prevent processes from accessing memory that hasn’t been assigned to them. Your Chrome.exe or Firefox.exe process can’t just go snooping around in a game you’re playing, or even in each other’s memory locations. That’s the kind of trick that leads to hard locks and terminal errors in short order, particularly if one process overwrites values in another processes’ memory space.
Right now, no one has created a rootkit or other exploit that relies on Rowhammer.js or an equivalent attack to do its dirty work. One simple way to avoid the problem is to increase the refresh rate to the point that the DRAM no longer has enough of an interval to be affected by Rowhammer in the first place. The problem with this approach is that it’ll both increase power consumption and it requires a huge refresh increase to be effective — up to eight-fold baseline for DDR3. That’s unlikely to ever happen without a fundamental change in memory technology, and while the Rowhammer.js exploit isn’t currently functional in the wild, we’d be surprised if malware developers don’t try to take advantage of it at some point.