Google has just revealed the discovery of a new technique used by attackers to take advantage of the Rowhammer security exploit present in Dynamic Random-Access Memory (DRAM). This new strategy involves capitalizing on the issues with some of the newer DRAM chips in the ways memory cells interact with each other.
This DRAM vulnerability works by using access to one address to alter the data stored at various other addresses. Similar to CPU execution vulnerabilities, Rowhammer interferes with the security architecture of the underlying hardware. As the exploit exists within the Silicon material itself, the bug enables potential bypass of both hardware and software protection measures. Such security circumvention can allow untrusted code to escape the sandbox and take over the system.
Perhaps most concerning, Half-Double has shown the unique Rowhammer capability of spreading to rows beyond its adjacent neighbors within the memory chip. This increase in distance likely suggests a growing sophistication of the Rowhammer exploit.
Google has begun collaborating with the independent semiconductor engineering trade organization JEDEC, among others, to try and resolve this Rowhammer threat. For now, Google encourages the multiple possibly impacted industries—from automotive to IoT—to contribute to and support this effort in any way possible.