Worrying new hack attacks DDR3 memory

DDR3 memory
DDR3 memory

Security researchers on Google's Project Zero initiative have discovered how to launch an attack that takes advantage of physical weaknesses in some types of DDR memory chips inside Intel-compatible PCs running Linux.

A blog post published earlier this week explained that the bit flipping technique flagged up last year has been used in a successful attack by researchers who were able to reverse the individual bits of data stored in DDR3 chip modules that are called DIMMs.

Bit flipping works when attackers repeatedly hammer small parts of the memory hundreds of thousands of times in just a few milliseconds. By hammering the two "aggressor" memory regions the attacker can then reverse one of more bits in the third "victim" region and exploit that to change the administrator privileges on the target PC.

It affects newer versions of DDR3 memory that are able to be exploited thanks to the shrinking size of silicon that makes it easier to trigger electronic interaction between neighbouring cells. By repeatedly accessing the location, as mentioned earlier, attackers can cause a leak in or out of the adjacent cells.

For now it's only local

The Project Zero researchers didn't detail the specific models of DDR3 that are prone to the attack and even though it sounds worrying the attack is currently only known to be local and thus decreases the scope for hackers wanting to launch attacks remotely.

Exploiting physical weaknesses in memory is still very rare and whilst repairing faulty software can be as simple as releasing a patch, replacing DDR memory may be the only way to solve the problems caused by this attack.

Via: Ars Technica, Project Zero

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does